
Thread: How to test login scenarios ?


  1. #1

    Thread Starter
    New Member
    Join Date
    Jan 2013
    Location
    Ahmedabad
    Posts
    1

    How to test login scenarios ?

    How to test login scenarios ?
    Please give answers.

  2. #2
    New Member
    Join Date
    Jan 2013
    Posts
    1

    Re: How to test login scenarios ?

    Login scenarios are as follows:
    1) Login with valid username & Password
    2) Login with valid username & wrong Password
    3) Login with invalid username & valid Password
    4) Login with invalid username & invalid Password
    5) Login with blank username & give input to Password
    6) Login with Username & blank Password
    7) Login with blank username & Password

  3. #3
    PowerPoster Nightwalker83's Avatar
    Join Date
    Dec 2001
    Location
    Adelaide, Australia
    Posts
    13,344

    Re: How to test login scenarios ?

    You might find the attachment in this thread useful.

  4. #4
    Evil Genius alex_read's Avatar
    Join Date
    May 2000
    Location
    Espoo, Finland
    Posts
    5,538

    Re: How to test login scenarios ?

    system:
    8) page opens properly
    9) page can be viewed properly on different browsers
    10) symbol characters entered don't break the site
    11) the length of the values entered don't break the site
    12) foreign characters entered don't break the site
    13) n number of attempts & the user is blocked functionality works as expected. User is successfully blocked for m amount of time
    14) password or username reminder notification features work as expected

    accessibility: login page can be seen by people partially sighted, can be resized, works if the user's got a custom CSS file applied through the browser, can be read out loud & recognised by an accessibility-related software. Page is viewable on different platforms & at different resolutions (mobile, massive TV etc.). Language localisation display features work & the texts are correct (Google translate hasn't been used & they actually make sense in the different languages). If the power goes down to your building, does a UPS kick in & make the site still accessible. If your building is hit by an earthquake or alien beam, does a 2nd location take over & host the site ok?

    uix: page looks & feels intuitive, is easy to use, not cluttered & pretty. Colour blind users are able to use it.

    security: page is secure to SQLi, man in the middle, XSS attacks etc. DOS possibilities are accounted for or limitations known & documented. Security testing tools have been used on the site & server. The web server's directories are secure, the site's authentication method limits are working, no other ports aside from http/s are open as needed etc. Multiple browser sessions work ok (the information displayed after the login is specific to the user account & permission set of the logged in user) - tested with different browsers, different browser tabs from the same PC. User is allowed to log in multiple times (at the same time) on different computers? From different geographical locations? Failed logins give no indication of failure "your password was right, but your username was out by 1 letter - try without the '1' at the end there!". The web server & app are configured to spit out generic HTTP error code messages & don't give away any implementation details (i.e. "the ASP.NET MVC 6 (CORE 1.0) web app running on the IIS 7.0 web server with patches up until 2016-01-01 couldn't communicate with the SQL Server 2016 named SQLServ01 with Windows authentication properly"). The server has patch management & implementation routines set up ok on it, the OS version is current & supported, access by internal staff is set up, restricted & confirmed working as needed. TLS certificates work as necessary.

    performance: the number of users hitting your login page and web server are within the expected & needed thresholds, the lookup to any database runs within the needed thresholds, validation sequences on the page code, code behind etc. work within the needed speed limits. Is the load balancing, NIC balancing and database clustering setup & working as expected?

    conformability: the code passes the w3c online tests for valid css, valid javascript & valid HTML etc.

    integration: what happens if you pull the power plug or the network cable. Are the web requests queued? are transactions implemented or rolled back as needed? how is session state managed on the servers, client, server farm etc.? Are the number of login tries successfully saved to the backend somewhere? Is the user login session updated successfully and is any userLastLoggedIn record updated successfully? If Windows authentication is enabled, what happens if the AD forest controller or any n instance of the DCs between the web server & the forest controller go down. Is the replication and caching configured and working properly on the DC end and the local server. Are integrations to other systems working ok (i.e. a product ordering app/web service/DB which might show a message after logon with "welcome Alex - you've got 10% discount this month!")

    I could spend all day listing extra considerations I'm sure, but here's a few to start you off which you might not have considered maybe...

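
The positive and negative cases from post #2 (items 1-7) and the input-robustness, lockout and generic-failure checks from post #4 (items 10-13), written as one table-driven test. This is an added example, not part of any post in the thread; `LoginService`, the `alice` account and its password are constructed stand-ins for the application under test.

```python
import hashlib, hmac, os

GENERIC = "Invalid username or password"  # one message for every failure
PW = "S3cret!pw"  # constructed test credential

class LoginService:  # constructed stand-in for the app under test
    def __init__(self, n=3, m=60, clock=lambda: 0.0):
        self.salt = os.urandom(16)
        self.users = {"alice": self._hash(PW)}
        self.n, self.m, self.clock = n, m, clock
        self.failures, self.locked_until = {}, {}
    def _hash(self, pw):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 10_000)
    def login(self, user, pw):
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            return False, GENERIC
        stored, candidate = self.users.get(user), self._hash(pw)
        if stored is not None and hmac.compare_digest(candidate, stored):
            self.failures.pop(user, None)
            return True, "OK"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.n:  # item 13: block for m seconds
            self.locked_until[user], self.failures[user] = now + self.m, 0
        return False, GENERIC

SCENARIOS = [  # (item number in the thread, username, password, expect success)
    (1, "alice", PW, True), (2, "alice", "wrong", False), (3, "nobody", PW, False),
    (4, "nobody", "wrong", False), (5, "", PW, False), (6, "alice", "", False),
    (7, "", "", False), (10, "alice' OR '1'='1", "<script>\"--", False),
    (11, "a" * 100_000, "b" * 100_000, False), (12, "アリス", "пароль", False),
]

def run_scenarios():
    """Return thread item numbers whose result or failure message is wrong."""
    bad = []
    for item, user, pw, expect in SCENARIOS:
        ok, msg = LoginService().login(user, pw)  # fresh service per case
        if ok != expect or (not ok and msg != GENERIC):
            bad.append(item)
    return bad

def lockout_check(n=3, m=60):
    """Item 13: (login ok while blocked, login ok after m seconds)."""
    svc = LoginService(n, m)
    for _ in range(n):
        svc.login("alice", "wrong")
    during = svc.login("alice", PW)[0]
    svc.clock = lambda: m + 1  # advance the fake clock past the block window
    return during, svc.login("alice", PW)[0]
```

Against a real application the same table drives HTTP requests instead of `LoginService.login`, and the comparison of failure messages extends to status code and response body.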
