Test the Logon Interface

Source: Internet
Author: User
The logon interface is the entrance to most software. Only users who pass through it can use the software normally. Most of our company's systems also have their own distinctive logon interfaces.

A logon interface is relatively simple in terms of functions and layout, and everyone is familiar with countless logon interfaces. A basic logon interface includes an account input box, a password input box, a verification code input box, a logon button, and a reset button. A more complex one also includes buttons or links for remembering the account, registering an account, recovering a forgotten password, and secure logon. Some also show friendly reminder text.

Case Description

General test cases:

1. Verify that static text such as the logon interface title and the input box titles is correct.

2. Verify that the button names are correct.

3. Verify logon when both the user name and the password are correct.

4. Verify that when the user name is incorrect and the password is correct, the user cannot pass logon verification and the corresponding prompt is shown.

5. Verify that when the user name is correct and the password is incorrect, the user cannot pass logon verification and the corresponding prompt is shown.

6. Verify that when both the user name and the password are incorrect, the user cannot pass logon verification and the corresponding prompt is shown.

7. Verify that after a successful logon the correct home page appears.

8. Verify that after a failed logon the home page is not displayed.

Critical value test cases:

9. Verify that when both the user name and the password are empty, the user cannot pass logon verification and the corresponding prompt is shown.

10. Verify that when the user name is blank, the user cannot pass logon verification and the corresponding prompt is shown.

11. Verify that when the password is blank, the user cannot pass logon verification and the corresponding prompt is shown.

12. Verify logon when the user name length is 19, 20, or 21 (assuming the user name length limit is 20).

13. Verify logon when the password length is 9, 10, or 11 (assuming the password length limit is 10).

Usability test cases:

14. Verify that common shortcut keys are supported: pressing Enter to log on after entering the user name and password, CTRL + X, CTRL + C, CTRL + V (some web page password input boxes do not support pasting), CTRL + A, and so on.

15. Verify how the user name and password are handled when logon fails. (Are both cleared? Are both selected so that the user can re-enter them easily? Or is nothing done? A good practice is to clear the password and retain the user name, with the user name selected on the first click.)

16. Verify that after a successful logon, the user name of the last logon is remembered the next time you log on, so that it does not need to be typed again.

17. Verify that the first time you open the logon interface, the input focus is in the user name input box so that you can type directly.

18. Verify that if the user name is remembered when you open the logon page again, the input focus is in the password input box so that you can type directly.

Security test cases:

19. Verify that the logon system is protected against SQL injection: use special characters or SQL keywords as the user name and password to log on.

20. Verify whether the user name and password are saved after the user logs on successfully.

21. Verify where they are stored and whether they are protected. Storing them in plain text is a security vulnerability.

Examples

Many systems in our company offer logon with digital certificates (keys) because of special requirements. Due to restrictions, this logon method cannot be tested, so it is not discussed here.

Here, I want to use the XX system logon interface of my company as an example and apply the test cases listed above. It should be noted that I am not specifically targeting XX; I just think that using our company's system as an example is more relevant. Besides, I am familiar with the XX system, and the XX system has an Internet test address.

The logon interface of XX is concise and clear. For "General logon mode", only the "user name" text input box, the "password" text input box, and the "Logon" and "reset" buttons are available.

Running the test cases above one by one gives the following results:

1. The expected output is obtained for both the general test cases and the critical value test cases.

2. Among the usability test cases, case 14 gets the expected output.

3. For usability test case 15, the result is that when logon fails, the password is cleared and the user name is retained so that the user can enter the password again.

4. Among the usability test cases, case 16 does not get the expected output: the user name is not remembered the next time you open the logon interface.

5. Among the usability test cases, cases 17 and 18 do not get the expected output: the input focus is not set.

6. Among the security test cases, case 19 did not get the expected output: SQL injection was not prevented. For example, entering "'or 1 = 1 --" in the user name and password input boxes bypasses the back-end logon verification and logs on to the system directly. As another example, entering "or" in the user name input box and logging on displays an "SQL statement execution error" page that contains a lot of database information.
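Cases 3 to 13 and case 19 written as an automated check, as an added example that is not part of the original article or the XX system. The table, the account `alice` and the functions `login_concat`, `login_param` and `failed_cases` are assumptions made for illustration; the length limits are the ones assumed in cases 12 and 13, and the test input is the one quoted in result 6.

```python
import sqlite3

MAX_USER, MAX_PASS = 20, 10   # lengths assumed in cases 12 and 13
PAYLOAD = "'or 1 = 1 --"      # the input quoted in result 6

def make_db():
    # Constructed account. The password is in plain text only to keep the
    # query short; case 21 treats plain-text storage as a vulnerability.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'Passw0rd!!')")
    return db

def login_concat(db, user, password):
    # Before: input is pasted into the SQL text, so a quote in the input
    # changes the statement itself.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_param(db, user, password):
    # After: reject blanks and over-length input (cases 9-13), then bind the
    # values as parameters so they are only ever treated as data.
    if not user or not password:
        return False
    if len(user) > MAX_USER or len(password) > MAX_PASS:
        return False
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0

CASES = [  # (case number, user name, password, expected logon result)
    (3, "alice", "Passw0rd!!", True),
    (4, "mallory", "Passw0rd!!", False),
    (5, "alice", "wrong-pw", False),
    (9, "", "", False),
    (11, "alice", "", False),
    (12, "a" * 21, "Passw0rd!!", False),
    (13, "alice", "p" * 11, False),
    (19, PAYLOAD, PAYLOAD, False),
    (19, PAYLOAD, "x", False),   # short password, so the query is reached
]

def failed_cases(login):
    """Case numbers where the logon result differs from the expected one."""
    db = make_db()
    return sorted({n for n, u, p, want in CASES if login(db, u, p) != want})

if __name__ == "__main__":
    print("concatenated:", failed_cases(login_concat))
    print("parameterized:", failed_cases(login_param))
```

The concatenated query fails only case 19, which matches the result reported for the XX system; the parameterized query passes every case.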

Result Analysis

According to the test results above, the logon interface of the XX system is good in both appearance and basic functions, and there will be no problems under normal circumstances.

We have not done enough on the ease of use of the system and have not considered it in detail. This aspect is easy to overlook, so many people do not pay much attention to it, not to mention that development time is so tight. But society is increasingly demanding about the quality of software products. These small details often reflect the competitiveness of a software product, because they show consideration for the user: seeing things from the user's point of view is what makes a product humane. In fact, this is not a difficult technical issue but a matter of mindset. Therefore, I think it is necessary for us to think more about ease of use. Of course, this is the responsibility of each of us!

For security, SQL injection is not a new problem, but it does exist here, and it is a serious problem. I have only a very simple understanding of it and had never designed a test case for it before. For this summary I just went through some books and found some materials, and the results show that the example "'or 1 = 1 --" (there are many more) that has been circulating on the Internet can be used as the user name and password to log on to the system. We all know how serious this problem is. I have to acknowledge my dereliction of duty here: I had not found this bug before! There are also many examples on the Internet of how to solve this problem. It is not difficult to prevent SQL injection; it is a matter of mindset.

