Login Function Test Summary

Source: Internet
Author: User
Tags: sql injection attack

A simple summary of the test points for a login function. Many posts on the Internet cover this and can be consulted; it is recorded here for convenient later reference and use:

First, the basic function test:

    1. Enter the correct user name and password: login succeeds.
    2. Enter a wrong user name and password: login fails.
    3. The user name is correct and the password is wrong: are you prompted about a password error?
    4. The user name is wrong and the password is correct: are you prompted about a user name error?
    5. Is there a prompt when the user name or password is empty?
    6. When a logged-out user fails to log in, is the prompt message friendly?
    7. Is the input in the password box displayed in masked (encrypted) form?
    8. Does the user name support Chinese and special characters?
    9. Does the user name have a length limit?
    10. Does the password support Chinese and special characters?
    11. Does the password have a length limit?
    12. Is the password case-sensitive?
    13. Is the user prompted to change the password when it is a simple, common string such as 123456?
    14. How is the password stored? Is it encrypted?
    15. Does the login function require a verification code?
      1. How long is the verification code valid?
      2. When the code is entered incorrectly and login fails, is the prompt message friendly?
      3. Can you log in successfully with an expired verification code?
      4. Is the verification code easy to recognize?
      5. Is the captcha feature available? Can you click the captcha image to change the verification code?
    16. User system: for example, the system is divided into ordinary users and advanced users, and different users have different permissions after logging in to the system.
    17. If a third-party account (QQ, Weibo) is used to log in, how is the mapping between the third-party account and the system's own account saved? Does the first login require authorization, and so on?

Second, the page test:

    1. Does the sign-in page display normally? Text and pictures display correctly, the corresponding prompt messages are correct, the buttons are set up and arranged properly, and the page is simple and attractive.
    2. Is the default focus of the page in the user name input box?
    3. Are the input boxes empty at the first login? If they contain default text, does the default text disappear when you click the input box?
    4. Are the corresponding buttons, such as login and reset, available? Are the browser's forward, back and refresh buttons available on the page?
    5. Can the shortcut keys Tab, Esc, Enter, etc. be used to control the page?
    6. Compatibility test: is the interface normal in different browsers, on different operating systems and at different resolutions?

Third, the security test:

    1. Without logging in: enter a post-login address directly in the browser and see whether the page can be entered directly.
    2. Is the cookie generated after a successful login HttpOnly (otherwise it is easily accessed by scripts)?
    3. Are the user name and password sent to the Web server
    4. The user name and password input boxes should block SQL injection attacks.
    5. The user name and password input boxes should prohibit script input (to prevent XSS attacks).
    6. Limit the number of failed logins (to prevent brute force).
    7. Consider whether multiple users are supported logging in on the same machine.
    8. Consider one user logging in on multiple machines.
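
As an added example (not part of the original checklist), the SQL injection item above can be tested by sending quote-bearing user names with a wrong password and checking that none is accepted. The table layout, function names and probe strings below are constructed for illustration; the concatenated query is the weak form and the parameterized query is the corrected one.

```python
import hashlib
import hmac
import sqlite3

def _hash(password):
    # Plain SHA-256 keeps the sample short; a real system uses a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """In-memory user table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", _hash("S3cure!pass")))
    return db

def login_concat(db, name, password):
    """Weak form: user input is pasted into the SQL text."""
    sql = ("SELECT 1 FROM users WHERE name = '%s' AND pw_hash = '%s'"
           % (name, _hash(password)))
    return db.execute(sql).fetchone() is not None

def login_param(db, name, password):
    """Corrected form: input is bound as data and never parsed as SQL."""
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], _hash(password))

# Constructed test inputs for the user name box.
PROBES = ["alice' --", "' OR '1'='1' --"]

def _accepts(login, db, name):
    try:
        return login(db, name, "wrong-password")
    except sqlite3.Error:
        return False  # a SQL error is still a finding, but not a login bypass

def run_probes(login):
    """Return the probes that were wrongly accepted with a wrong password."""
    db = make_db()
    return [p for p in PROBES if _accepts(login, db, p)]

if __name__ == "__main__":
    print("concatenated query accepted:", run_probes(login_concat))
    print("parameterized query accepted:", run_probes(login_param))
```

A login function passes this check when `run_probes` returns an empty list while the genuine user name and password still log in.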

Fourth, the performance test:

    1. Does the response time of a single-user login conform to the "3-5-8" principle?
    2. At the critical number of concurrently logged-in users, does login still comply with the "3-5-8" principle?
    3. Pressure: with a large number of concurrent user logins, what is the response time of the system? Will there be downtime, memory leaks, CPU saturation, or failure to sign in?
    4. Stability: can the system handle a scenario of continuous logins, up to n, with the number of concurrent users at the critical point?

Fifth, other tests:

    1. After 3 or more consecutive wrong passwords are entered, is the account locked for a certain time (such as 15 minutes)? Login is not allowed during that time, and login can continue once the time has passed.
    2. After the user session expires, does logging in again return to the page where the session expired?
    3. Do the user name and password input boxes support keyboard shortcuts such as Undo, Copy and Paste?
    4. Should the same user be allowed to log in simultaneously? Consider simultaneous web and app logins.
    5. When logging in on a mobile phone, is it checked whether the network is available?
    6. When logging in, is it first checked whether the app has a new version?
    7. Is single sign-on supported?
    8. Is there a buried interface?
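
As an added example (not part of the original checklist), here is one way to model the lockout rule from item 1 above and the failed-login limit from the security test, together with the boundary cases a tester should cover. The class, the injected clock and the account "alice" are hypothetical; the thresholds are the checklist's example values.

```python
LOCK_AFTER = 3            # consecutive wrong passwords (checklist example value)
LOCK_SECONDS = 15 * 60    # lock duration (checklist example value)

class LoginLimiter:
    def __init__(self, check_password, clock):
        self.check_password = check_password  # hypothetical callable(user, pw) -> bool
        self.clock = clock                    # injected so tests need not sleep
        self.failures = {}                    # user -> consecutive failure count
        self.locked_until = {}                # user -> unlock timestamp

    def login(self, user, password):
        now = self.clock()
        if now < self.locked_until.get(user, 0):
            return "locked"                   # even the right password is refused
        if self.check_password(user, password):
            self.failures.pop(user, None)     # success resets the streak
            return "ok"
        count = self.failures.get(user, 0) + 1
        if count >= LOCK_AFTER:
            self.locked_until[user] = now + LOCK_SECONDS
            count = 0
        self.failures[user] = count
        return "failed"

def run_lockout_scenario():
    """Drive the boundary cases and return the observed results in order."""
    t = [1000.0]                              # constructed start time, in seconds
    lim = LoginLimiter(lambda u, p: (u, p) == ("alice", "right"), lambda: t[0])
    out = [lim.login("alice", "bad") for _ in range(2)]
    out.append(lim.login("alice", "right"))   # success after 2 failures resets the count
    out += [lim.login("alice", "bad") for _ in range(3)]  # third failure starts the lock
    out.append(lim.login("alice", "right"))   # inside the lock window
    t[0] += LOCK_SECONDS - 1
    out.append(lim.login("alice", "right"))   # one second before the lock expires
    t[0] += 1
    out.append(lim.login("alice", "right"))   # lock expired, login allowed again
    return out

if __name__ == "__main__":
    print(run_lockout_scenario())
```

The cases worth asserting against a real system are the same: a success resets the failure count, the correct password is refused during the lock window, and login works again once the window has passed.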
