1. While typing, the password should be displayed as stars (****); no characters should be displayed
2. Copy paste of typed password in the text field should not be allowed
3. Need to verify boundary conditions
4. Log in successfully and log out. Click the back button on the browser page; the page should not be displayed
1) Nowadays we have virtual keyboards. Does your password field use that?
2) Is it case sensitive?
3) Boundary value conditions?
4) Can be empty?
5) Can copy-paste work?
6) What does the requirement say: special character inclusion, etc.?
... So, unless you have a specific requirement, it is very tough to answer this question. Please be more specific if you want the real answer....
- make sure the letters added should be in *
- when you paste the password, it should not allow it (it depends on the requirement specification)
- Should be case sensitive
- should allow all special characters and numbers in the password
- successful login to the application
- after login browser back should not keep the password details
- should allow spaces?
- better to have confirm password field also (depends on RS - Requirement specification)
- do not enter password and try login - (expect to see error message)
- do not enter login name just enter password - (expect to see error message)
- After valid login details, close the browser and open it. Try this time with wrong password (expect to see error message)
Rest of the testing depends on requirements.
If we need to test the password field from a security point of view, how many types of SQL injection attacks can we check in the password field? Does anybody have new attacks to test that? And in how many ways can a hacker break our website without a password? How do we stop them?
Instead of example tests let me share some tricks for executing the tests.
Forms with User and Password fields need to restrict what can be entered into those fields and validate what is entered. As a hacker I need to get around the controls for what I can enter and then subvert the validation.
Validation may happen within the page itself or server side. Restricting what data I can enter and the validation that occurs in the page is obviously the easiest to get around so let’s look at that.
Once the page has loaded, save the HTML page locally (right click > save page as). This should save the HTML page and the images that are needed. Now open it for editing.
In the page source search for the password field, it should look something like this: input type="password" size="20" with a few other attributes such as name or ID. This means we’ll see *** when we enter characters and we can only enter a maximum of 20. Let’s change this, change its type from 'password' to 'text' so that when you type passwords you can see the characters and then change the size to 200. Our password field now looks like this: input type="text" length="200"
Out of interest this is the way to break other form elements such as checkboxes or drop-down menu options. Just change them in the local copy of the HTML page you have and see what you can break by doing so. The thing to watch is the names or IDs of the fields as these are most important when you submit the form. Another thing here is form element names and IDs are often exactly the same as the name of columns the data will go into in a database. This alone is a security risk and a route for your more elaborate hacking attempts, now you just need to guess the table name, which might be the name of the form (see that before) and you're away with SQL fun.
Meanwhile...save the HTML page locally that you just edited and try running your tests.
Look back at the source for the HTML page and find the submit button. If it’s written something like onSubmit="login_validation();" then we know that script is being called. The simplest way to get around this is to delete the reference to the script and see if you can still submit the form but this time knowing there’s no validation running.
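Added example, not part of the original posts: since the field attributes and the onSubmit script can be stripped from a local copy of the page, the server has to repeat every check itself and keep the submitted values out of the SQL text. The table layout, length limits, function names and sample account below are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_USER_LEN = 64    # assumed limits; take the real ones from the requirement spec
MAX_PASS_LEN = 128

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """In-memory user table with one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    # Constructed password containing quotes and a semicolon on purpose.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _hash("Pa'ss\"; word1", salt)))
    return db

def login(db: sqlite3.Connection, form: dict) -> tuple[bool, str]:
    """Validate a submitted form on the server, ignoring whatever the page enforced."""
    user = form.get("username")
    password = form.get("password")
    # The browser's size/type attributes and onSubmit script may have been
    # removed from a local copy, so every rule is checked again here.
    if not isinstance(user, str) or not isinstance(password, str):
        return False, "missing field"
    if not user or not password:
        return False, "empty field"
    if len(user) > MAX_USER_LEN or len(password) > MAX_PASS_LEN:
        return False, "too long"
    # Placeholders keep the submitted values as data, never as SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        return False, "invalid credentials"
    salt, stored = row
    # Comparison is byte-exact, so the password is case sensitive.
    if hmac.compare_digest(_hash(password, salt), stored):
        return True, "ok"
    return False, "invalid credentials"
```

A test plan for the password field can then assert the server's answer for each case in the checklists above (empty, over-length, wrong case, special characters) by posting directly to the endpoint rather than through the page.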