Test Cases For Login Page

Have you appeared for a software testing interview, or tested a banking or social networking site? If so, you are probably familiar with the request to write test cases for a login page. A login page protects confidential information, critical system functionality and high-integrity data from all other users. It not only gives you the authority to make changes to your account but also gives access to the critical and confidential information behind it.
Here is a set of test cases for a login page that should help you both in getting the right job and in understanding login pages better. These test cases are not limited to high-level scenarios; they also give you a data set for validating any login page.
- Test with correct username and password: This is the most basic positive test case for a login page; the user should be logged in successfully. If a correct username and password do not log you in to your application, file a bug, because something is wrong with the application's login page.
- Test with incorrect username or password: Access should be denied. This test case is always used to see whether the system behaves correctly and how the login page responds to a wrong set of data.
- Test with correct username and empty password: In this case, when the user clicks the login button, a message should flash that says “Enter a password or something unexpected went wrong”.
- Test with empty username and correct password: Again, an error message should appear asking for a valid email or username.
- Verify the correct error messages, like “Incorrect combination of user name and password”. If you get anything like “Incorrect username” or “Incorrect password”, be careful: your application is giving half the information to a hacker and is in great danger.
- Verify that the back button cannot take you back to your logged-in page just after you log out of your account: This kind of test case exposes flaws in session management. If the session is not closed as soon as you log out, anyone can access your account just by clicking the Back button in the browser after you have used a login-enabled account. One way to protect your account from such misuse is to close the browser whenever you log out of your account.
- Test a page URL without logging in to the application: Log in with a correct username and password, go to a certain page, copy the URL and paste it into another browser. If you are able to open the page, the application is not in good shape to protect the user’s information, because anyone can open a specific page just by entering the URL directly.
- Verify the session timeout: This is one of the most important test cases for a login page, especially on finance-related sites. The session should time out if a user is inactive for a few minutes. This is normally a sustainability test of the session. If your application does not time the session out, consider that this may become an issue in the future.
- Verify HTTPS in the URL for the login page: The S in HTTPS stands for secure. If the login page is served over plain HTTP, the information you use to log in to the application is not secure and anyone can access it with little effort, while HTTPS ensures encryption of the information sent from the client to the server.
- Verify the ID in the URL while processing your request: Keep track of the ID associated with your request URL. It should be dynamic, not static; otherwise it may help a hacker to grab your information.
- Verify deletion of ID while browsing: Go to the place where cookies are saved and delete the cookies while you are browsing your account. Try to find the cookies that hold your username and password, because as soon as you delete those cookies you should be sent to the login page. If you find such cookies, also try changing the numbers in them and verify what happens; corrupt cookies that carry your real ID should redirect you to the login page once again, even though you haven’t deleted the cookies.
- Try to log in when your cookies are disabled
- Check SQL injection: This is one of the most devastating vulnerabilities to impact a business, as it can lead to exposure of all of the sensitive information stored in an application’s database, including handy information such as usernames, passwords, names, addresses, phone numbers, and credit card details.
So I would suggest including this test case if you are going to test a banking or insurance-related application. The most commonly used SQL injection string is or '1'='1; if it gets executed, be ready for the loss of your important information, because it means a hacker can log in to the system or application without any problem.
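The SQL injection check above, as an added example that is not part of the original article: the same login query built by string concatenation and with bound parameters, run against the injection string. The table, the account and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory user table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample row; a real application stores a salted hash, not the password.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_vulnerable(db, username, password):
    """Concatenates input into the SQL text, so a quote in the input changes the query."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, username, password):
    """Passes input as bound parameters, so it is only ever compared as data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0

def passes_sqli_test_case(login):
    """True if the login function refuses the injection string used as a password."""
    db = make_db()
    # With concatenation the WHERE clause ends in: ... OR '1'='1', which is always true.
    payload = "' or '1'='1"
    return not login(db, "alice", payload)

if __name__ == "__main__":
    print("vulnerable login passes test:   ", passes_sqli_test_case(login_vulnerable))
    print("parameterized login passes test:", passes_sqli_test_case(login_parameterized))
```
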
- Verify account lockout: I would like to include this test case with priority. If a user enters a wrong password 3 times, or some other specific number of times, his/her account should be locked out, and access should be allowed again only after filling in an assurance form or calling customer care. This may help protect the user from hackers.
- Verify simultaneous login to the application on different browsers: I think you would all be familiar with this from daily life if you have used a railway ticket booking site.
- Try some hit-and-trial usernames and passwords: Before deploying an application, username and password pairs like Admin: Admin, Guest: Guest, some username: password, author: author should be removed from the database.
- Forgot password
- Remember Me
First of all, the Remember Me functionality.
1- When a user selects the Remember Me option on a social networking or public-facing site, an alert stating something about security should be shown on screen.
2- The user should test the cookies and try to doctor them to check whether the username and password are directly accessible with little effort.
3- High-security applications should not have the Remember Me feature.
4- If Remember Me functionality is implemented, the user should get an alert to opt in to this option on every new browser session.
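The cookie checks from the list above (deleting the cookie, changing numbers in it, looking for a username or password inside it), as an added example that is not part of the original article. It assumes a design where the cookie holds only a random session ID with an HMAC tag and the username stays on the server; the key, store and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # hypothetical server-side signing key
SESSIONS = {}                          # session id -> username, never sent to the browser

def _tag(session_id):
    """HMAC-SHA256 of the session id, hex encoded."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def login(username):
    """Create a session and return the cookie value: a random id plus its HMAC tag."""
    session_id = secrets.token_hex(16)
    SESSIONS[session_id] = username
    return session_id + "." + _tag(session_id)

def logout(cookie):
    """Destroy the server-side session so the old cookie is worthless afterwards."""
    SESSIONS.pop(cookie.partition(".")[0], None)

def current_user(cookie):
    """Return the username for a valid cookie, or None (meaning: redirect to login)."""
    if not cookie:
        return None                                   # cookie deleted or disabled
    session_id, _, tag = cookie.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(session_id).encode()):
        return None                                   # cookie was edited
    return SESSIONS.get(session_id)                   # None once logged out

def flip_first_digit(cookie):
    """Mimic the tester changing one character in the stored cookie."""
    return ("1" if cookie[0] == "0" else "0") + cookie[1:]

if __name__ == "__main__":
    cookie = login("alice")                           # constructed sample account
    print("valid cookie    ->", current_user(cookie))
    print("deleted cookie  ->", current_user(None))
    print("edited cookie   ->", current_user(flip_first_digit(cookie)))
    logout(cookie)
    print("after logout    ->", current_user(cookie))
```
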
Forgot Password: This functionality is very important for regaining access to your private area. The user needs to click the link and provide some details, depending on how the site implements it.
1- Ensure that on clicking Forgot Password, the user is taken to the forgot password page, where some information needs to be entered to authenticate the user’s existence.
2- Ensure that multiple channels are offered. The user should be given the option to receive an OTP or link on mobile using a cell number, or by email ID.
3- On clicking the link provided, the user should be taken to the reset password page, where the user should be able to enter a new password.
4- The user should be able to log in to the system using the newly set password.
Sign-up Page: This page is used to enroll a new user, so it should have a minimal number of information fields so that the user does not lose interest in the registration process.
1- Ensure that a long list of form fields is not presented to the end user
2- Every single field should be posted with client-side validation
3- There should be some sort of reset option to clear all the information
4- A welcome mail with a confirmation link should be sent to the registered email ID to prevent spamming on the system.
5- The maximum number of concurrent users should be tested for the registration page.
These test cases for login test not only the functionality but also the security of the application. I am not saying that these test cases are enough to test the security of an application; security testing is the part of testing that has no relation to the requirement document, so more and more effort is needed when we are talking about the security of an application.
If you want to write test cases on anything, I would suggest you read Test Cases for Elevator (Lift).
Hope this helps you in testing a login page.
Special thanks to Andréas Prins, Test Manager Collis and Wikipedia
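The error-message and account-lockout test cases from the list above, as an added example that is not part of the original article: a small login service that gives the same message for an unknown username and a wrong password, and locks after 3 failures. The class, the lock message and the account are constructed; failures are counted per submitted username so the lock message does not reveal which usernames exist.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3
GENERIC_ERROR = "Incorrect combination of user name and password"
LOCKED_ERROR = "Account locked, contact customer care"   # constructed wording

class LoginService:
    def __init__(self, users):
        """users: mapping of username -> password (constructed sample data)."""
        self._users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, self._hash(password, salt))
        self._failures = {}            # submitted username -> consecutive failures

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, username, password):
        """Return (success, message) for one login attempt."""
        if self._failures.get(username, 0) >= MAX_FAILURES:
            return False, LOCKED_ERROR
        # Unknown usernames get a dummy record, so both failure paths do the same work.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures.pop(username, None)
            return True, "Welcome"
        self._failures[username] = self._failures.get(username, 0) + 1
        return False, GENERIC_ERROR

def messages_are_uniform(service, known_user):
    """Test case: wrong password and unknown username must produce the same message."""
    wrong_password = service.login(known_user, "not-the-password")[1]
    unknown_user = service.login("no-such-user", "not-the-password")[1]
    return wrong_password == unknown_user == GENERIC_ERROR

if __name__ == "__main__":
    svc = LoginService({"alice": "s3cret"})
    print("uniform messages:", messages_are_uniform(svc, "alice"))
    svc.login("alice", "bad")
    svc.login("alice", "bad")
    print("after 3 failures:", svc.login("alice", "s3cret"))
```
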