Web page test case (very practical)

Source: Internet
Author: User

Transferred from: http://blog.csdn.net/yuki_ying/article/details/54946541

One, Web test, all kinds of Web control test points Summary

First, interface check
Go to a page test, the first is to check the title, page layout, fields, etc., rather than immediately into the text box check
1, page name title is correct
2, the current location is not visible your location: xxx>xxxx
3, Text Format unity
4, the layout is neat
5, the list item display field is complete, whether the list item field name is consistent with the form
6, the same page, whether the field name is the same, the value of a different problem.
7, data loading situation: In addition to the value of the text box, but also note:
check box, whether save hit √, or save not hit √
Drop-down box, whether to save the selected value
Multiple text boxes, whether the values are saved, spaces, whether the newline is saved

Two, single text box (Type=text)
Boundary: Field length
Empty: Whether it can be empty
Uniqueness: Whether unique (small due to: boundary, empty, uniqueness, special character, correctness)
Consider language, operating environment
Special symbol Test Input:
' or 1<> ' 1 ' or ' 1 ' = ' 1 ' or ' 1 ' <> ' 2 ' |? ><
where a= ' xxx ' underline whether to allow input of all spaces enter single quotation marks
><script>alert ("123");</script>>
Special Field input Qualification:
Box content is legal (Tel,ip,url,email) serial number, etc., direct limit input number, other filter out
Enter the amount text box, the first integer is 0, filter out, after the decimal point, generally retain two valid digits.
Correctness test: (an essential step)
1), (when the length of the field is entered for maximum allowable length) The data allows for a test of length:
A, whether the page is extruded test (all input long English string, whether to break);
b, whether the database allows maximum characters (both input Chinese characters, all input English, mixed ...) ;
C, the shortest length of the correct process, the maximum length of the correct process coverage.
2), for the Allow empty field, do not fill in, again after the data is passed, see if the 500 error is reported.
3), do not specify the length of the field (or numerical size), do not press the rigid input, input very many characters (or very large values), do allow the correctness of the action check, see if the error. (Results to be achieved: regardless of the length limit (not giving the longest, maximum limit for you to test?) ), the final page cannot throw a database exception. ) monkeytest
Description: Through constant input long string, see if there is a length check;
In the end, there will be one of the following two scenarios:
A, the page (front desk) has a check length, size;
B, no calibration, database error.
So: all the fields to do the length, size limit (regardless of whether the need to give a clear request, regardless of the test granularity, you have to limit the length, not allow the database error, are measured!!!) )。 The maximum length limit can be limited to 1, no re-entry is allowed, 2, automatic truncation processing, and user prompt.
About the concept of length:
1, the database specified byte length a
2. Number of characters you can enter on the page b
Control method:
1), on the page, no matter what characters are entered (full-width such as Chinese characters, half-width, such as letters), uniform provisions can not exceed the B characters, such restrictions,
Test point: All input full-width B, test (b*3 bytes) will not exceed database byte length
All input half-width B, test (b*1 bytes) will not exceed database byte length
Mixed input full angle X half angle y, Test (x*3+y bytes) will not exceed database length
2), on the page, not by the character statistics, the total input byte count, for example, all input full-width characters, allow to enter a/3 characters, all input half-width characters, allow the input of a character (Minsheng network design)
Test point: All input full-width, see if Allow input A/3 characters
All input half-width to see if a character is allowed to enter
Mixed input full-width x, half-width Y, see if X*3+y=a is allowed
(5): Empty, unique, boundary value, special characters, correct flow (multiple data, multiple branches)
+ Test Check location: Ajax mouse Event Check, foreground submit button JS Check, the server to get the data and verify again

Three, multi-text box (Type=textarea)
1), spaces and line-wrapping issues, see the needs, whether to do support HTML Encoding
When you enter all the blanks, are you sentenced to empty processing? "" Space,.
Enter a fold line, do you want to show the line as well?
For example, the column points explain why, you need support.
2), the letter truncation problem
For a string of letters, developers tend to forget to do truncation, so if displayed on our platform, this string of letters will open up our UI
3), Length control format, you can also enter * * * characters

Four, add button
To add an action Check range:
Failure: Prompt
Prompt content is correct
On failure: Save what the user has entered and avoid re-entering
Success: Dialog box disappears
Can records be viewed directly (and also refreshed?) )
List record order
Repeat the submission, after one click, whether it becomes disable
Add attachments to upload:
A. File name: File name is very long, file name character diversification (Chinese characters, English, symbols); duplicate file name.
B. An empty sentence?
C. Attachment format type support?
D. Number of attachments?
E. The size of the attachment space.

V. Removing buttons
1. In general, the front desk will be given a prompt operation "OK to remove the ..."
2. What is associated, whether you need to restrict the removal of "applications that exist under this type, cannot be removed" has a background comparison
3. After the determination, the removal operation is really performed.
Results:
If the list data disappears immediately after removal.
There must be a message confirming the deletion

Vi. List
1), List record order
2), whether the need to turn pages, there is no paging function
3), whether the field name is consistent with the form

Seven, search-text box
1, function points, demand points to consider:
whether to provide fuzzy query, the input value has a kind of qualified, whether consider switching to drop-down box search;
2, Checkpoint:
Whether the text box value disappears (backfill condition value), click "Query" again You can view all records,
Consider search results: whether there are pagination, whether the paging is normal, whether it is orderly,
Note whether the paging still saves the query criteria, check whether the following records meet the criteria
3, query data diversity:
Enter a field value test that does not exist, Includes special character query tests such as: ' or ' 1 ' = ' 1;
If a query is executed when a condition similar to a program statement is entered, such as: XXXX ", XXX and;
4, Operation type:
1) query not entered
2) Enter all spaces in the query
3) Fuzzy query (enter some fields, or enter English letters, query to relevant Chinese data)
4) Enter a non-existent query
5) Enter the existing query
6) Single query and multiple conditional compound queries.

Eight, search-drop-down box
Check points:
A) The search results are orderly;
b) The value of the drop-down box is complete; (The drop-down box value itself is also the result of a dynamic query)
c) If the drop-down box value disappears automatically, click "Query" again to see all records (whether to backfill the condition value);
D) Whether to save the search condition when paging.
(from the perspective of UI, development, business logic, user usage, etc.)
Ps:
The above summary, is relatively purely from the page control point of view Test point, for a complete test of a whole page, the need for a variety of tests organically combined:
1) UI test:
Page layout, page style check, whether the length of the control is long enough, whether it will be truncated when it is displayed, the supported shortcut keys, the TAB key to toggle focus order correctness, etc.
2) Functional Testing: The test range of various types of controls on the page, test points, can refer to the above
Complements the checkpoint with the actual effect of the control: for example, whether the password box is displayed, whether the input is trim, etc.
3) Security test: Input special characters, SQL injection, script injection test
Background verification test, for more important forms, bypass JS test background validation
Data transmission is encrypted processing, for example, direct request forwarding, the address bar directly display the sending string?
database storage, special passwords, etc., are stored in encrypted form
4) Compatibility test
5) Performance Test


two. Common function point test ideas


Based on experience, summarize the common function points of the test ideas:
1. New or created (add or create)
.1 page after Operation Point to
.2 after operation all control data that binds to this data source is updated, the common sort order is stack stack type, LIFO
.3 whether the cancel operation was successful
2. Editing or updating (edit or update)
.1 page after Operation Point to
.2 after operation all control data that binds to this data source is updated
.3 whether the cancel operation was successful
.4 does the editing interface read the correct, full data source
.5 record editing feature availability in workflow
.6 Effective time and effective scope of operation success
3. Deleting or removing (delete or remove)
.1 page after Operation Point to
.2 after operation all control data that binds to this data source is updated (below is the bug that the tab data is not refreshed immediately after deletion)
.3 whether the cancel operation was successful
.4 record editing feature availability in workflow
.5 The effective time and the effective scope of the operation (for example: shopping site, store goods under the shelf, and did not delete the buyer's purchase records at the same time)
4. Check or select all (check or check all)
.1 multiple pages, select all to be valid for all pages
.2 supports individual selection of multiple pages, and remains selected when viewing
.3 The operating range of the buttons on the interface is controlled by the selected function
.4 The previous page is selected, and the original state should be retained after turning pages
.5 Select All-"Remove a single radio-all buttons to remove the selected state

Iii. talk about the classification of performance test

The performance test simulates various normal, peak, and abnormal load conditions through automated test tools to test the system's performance indicators. Both load and stress tests are performance tests that can be combined. Through load testing, the performance of the system under various workloads is determined, and the goal is to test the changes of the performance indicators of the system when the load is gradually increasing. A stress test is a test of the maximum service level that the system can provide by identifying a system bottleneck or a performance point that cannot be received.
First, the Acceptance performance test (narrow) performance test method is to test the performance of the system to meet the production performance requirements by simulating the operating pressure of production and the combination of usage scenarios. In layman's terms, this approach is to verify the capability State of the system under certain operating conditions.
Features: 1, the main purpose of this method is to verify whether the system has the ability to claim the system. 2, this method should understand the classic scene of the tested system in advance, and have the definite performance target. 3. This method requires operating in a defined environment. In other words, this approach is a prerequisite for the understanding of the system performance and has clear objectives for the requirements and is carried out in the established environment.
The load test is continuously pressurized on the system being tested until the performance index reaches its limit (for example, "response time") exceeding a predetermined target or a resource has reached saturation.
Features: 1, the main purpose of this performance testing method is to find the limit of the system processing capacity. 2, the performance test method needs to be carried out in a given test environment, usually also need to consider the test system's business pressure and typical scenarios, so that the test results have business significance. 3, this performance test method is generally used to understand the performance capacity of the system, or with performance tuning to use. In other words, this method is a continuous pressure on a system to see when you have exceeded "My requirements" or system crashes.
Three, pressure test (strength test) (Stress test) pressure test method test system in a certain saturation, such as CPU, memory in saturated use, the system can handle the ability of the session, and whether the system error
Features: 1, the main purpose of this performance testing method is to check the performance of the system under the pressure performance of the application. 2, this kind of performance test generally through the simulation load and other methods, make the system of resource use to reach a high level. 3, the performance test method is generally used to test the stability of the system. In other words, the test is to let the system under a great intensity of pressure, to see if the system is stable, where there will be problems.
The Concurrency test (Concurrency testing) concurrency test method tests whether multiple users have a deadlock or a performance problem with concurrent access to the same application, the same module, or data logging by simulating user concurrent access.
Features: 1. The main purpose of this performance testing method is to discover the problems of concurrent access that may be hidden in the system. 2. This performance testing method focuses on the possible concurrency problems of the system, such as memory leaks in the system, thread locks, and resource contention issues. 3. This performance test method can be used in various stages of development to use the relevant testing tools for the coordination and support. In other words, this test focus is that multiple users simultaneously (concurrently) Pressurize a module or operation.
Configuration Test (config Testing) configuration test method through the adjustment of the software and hardware environment of the tested system, we can understand the degree of different effects on the performance of the system, and find the optimal allocation principle of the system resources.
Features: 1, the main purpose of this performance testing method is to understand the extent of the impact of various factors on system performance, so as to determine the most worthwhile tuning operation. 2. This kind of performance test method is generally carried out after a preliminary understanding of the system energy condition. 3, this performance test method is generally used for performance tuning and planning capabilities. In other words, the focus of this test is "fine-tuning", through the hardware and software of the non-paragraph adjustment, to find out their best state, so that the system to achieve the strongest state.
Vi. Reliability Testing the system runs for a period of time by loading a certain amount of business pressure on the system (e.g., the utilization of resources at 70%-90%) to detect the stability of the systems.
Features: 1, the main purpose of this performance testing method is to verify whether to support long-term stable operation. 2. This kind of performance test method needs to run under pressure for a period of time. (2-3 days) 3, the test process needs to pay attention to the health of the system. If the testing process is discovered, the response time changes significantly over time, or the system resource utilization is significantly fluctuating, it may be a symptom of system instability. In other words, the focus of this test is "stable", do not need to give the system too much pressure, as long as the system can be in a stable state for a long time.
Vii. Failure Recovery Testing If the system fails locally, the user can continue to use the system, and if this happens, how much will the user be affected.
Features: 1. The main purpose of this performance testing method is to verify whether the system can continue to be used in the case of local failure. 2. This performance testing approach also needs to point out the "How many user access" conclusions and "what contingency measures" to take when a problem occurs. 3. In general, this type of testing is only required for systems that have a clear requirement for the system's continuous operating indicators.
Eight, big data volume testing for some systems storage, transmission, statistical query and other services to carry out large data volume testing.
The main characteristic of the fatigue strength test is the pressure of the target test system for a long time, the aim is to test the stability of the system, the duration is generally more than 1 hours; the feeling is equivalent to the reliability test.
Note: When doing performance testing, forget about classification. For example, running for 8 hours to test the reliability of the system, and this test is likely to include reliable performance measurement, strength testing, concurrency testing, load testing, and so on. Therefore, in the implementation of performance testing must not be fragmented their internal links to do, and should analyze the relationship between them, in an efficient way to design performance testing.

Iv. Several case in the Web test

One, on the page to cause a large number of data submitted button/link after one click, disable
Demand:
For important forms, a large number/slow response system, when doing the submission, there are also pages in the loading state, at this time to do two consecutive clicks, often caused a variety of error, in this case, need to put forward the button/link click once, do disable
Test:
1), check the page source code whether there is script control, for example:
<a href= "javascript: $ (' #next '). Val (' true '); Buttondisable (); Headerformsubmit (); "type=" Submit "class=" BTN "id=" Nextbutton "> Next </a>
function buttondisable () {
$ ("#nextButton"). attr ("Disabled", "disabled");
}
2), debug the script,
You can use the Firebug tool, on the Script tab, in $ ("#nextButton"). attr ("Disabled", "disabled"); This line of script settings disable, click Nextbutton, check Run to breakpoint stop, button cannot be clicked again. After the breakpoint is run, the disable is lifted.
Second, the new database field testing needs to consider several points
1), from the database check, check the related table: the original table, the history table, and the table with its synchronization library have all added this field, and note that in each table, the field type is uniform
2), check: Consider the type of the field itself, the null, boundary, uniqueness, special characters, the correctness of the allowed data
In particular, when making a null, if the field is not allowed to be empty, consider: you need to commit the script initialization history data set Dafault value
3), process coverage: Consider the field coverage to which several related pages, testing to the entire process, each page check to be consistent;
Three, check the log test several operations
In general, projects are deployed in Linux environments, some need to check log when testing, or some services need to be restarted by themselves, some basic Linux operation commands are required:
1), first connected to the Linux system on the machine, you can use the Putty software, to have the server address + port + protocol Loginname+password, you can log in
2), CD-to-script or log-placed folder location to restart the service or view log, there are some common commands
Less file name (W page UP, F PAGE DOWN, shift+f Auto page, CTRL + C stop auto page);
grep "findString" file name;
Execute script:.. /script name or sh./

v. Common Web security issues and test methods

Web security is the two focus that our test team has been keeping abreast of performance tests. The process of development also needs to pay attention to the escape of the place to escape, the shielding of the local shielding, the filter of the local filter and so on. At the end of the year, there is bound to be a large number of lottery raffle activities such as development, on-line, in this process, the security issue is each of us should be tense nerves, for our testers, each activity needs to do manual safety test plus automated safety testing combined.
Common Web security issues include the following:
SQL injection, cross-site scripting attacks, cross-site forgery requests, directory traversal, message header injection, page error messages, and more.
For manual safety testing, three points are commonly used:
1, the URL has parameters, manually modify the parameters to see if the other user's information and related pages;
2. Enter ' or 1=1--' or ' 1=1--in the login input box to see if there is SQL injection;
3, in the focus on SQL injection at the same time, generally in the input box where the input
For automated security testing:
Test group is currently using the security Testing tool for IBM AppScan (of course, is cracked version, 34 has been spared the tool's installation package)
1, before use must confirm oneself binds the host;
2, configuration URL, development environment, error display type;
3. The results can be saved and analyzed according to the problem type and solution suggestion.
The test points that Web security tests typically consider:
1, the input data is not effective control and verification
2. User name and password
3, directly enter the need to access the Web address can be accessed
4. The authentication and session data are sent as part of get
5. Hidden fields and CGI parameters
6. No restrictions on uploading files
7. Send data validation to client verification
8. Cross-site scripting (XSS)
9. Injection-type Vulnerability (SQL injection)
10, improper handling of the exception
11. Insecure Storage
12. Insecure Configuration Management
13, the password in the transmission is not encrypted
14. Weak password, default password
15. Buffer Overflow
16. Denial of Service
SQL injection:
The so-called SQL injection, that is, by inserting SQL commands into the Web form to submit or enter the domain name or page request query string, and finally to deceive the server to execute malicious SQL commands, such as many previous film and television sites leaked VIP membership password is mostly through the Web form to submit query character burst out, Such forms are particularly susceptible to SQL injection attacks. (
(SELECT * Form table where id=1 or 1
1 or 1 is the input box input
This will cause the data that satisfies id=1 or 1 to be detected
And all the data meet 1
So we can find out a lot of data that shouldn't be detected.
This is SQL injection)

Web page test case (very practical)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.