Quality is delighting customers
I need more information on this because you can not just get the user information without any access rights. So there should be some authenticated session where user can get the user information through account no, so first we need to test that unauthenticated person can not have access to get the information of the user.
There should be some validation on Account No, i.e., Numeric, alpha numeric, field width, etc... so verify this with such validations.
If your request needs to be sent this account no in encrypted format then need to verify that when we are sending this information in decryption format then system is throwing a generic error message.
All scenario needs to be tested based on requirement.
Thanks for the quick reply.
Yes it is authenticated session.
What if user is unauthenticated person.