Security Testing for eGift
Security testing is a process to determine that an information system protects data and maintains functionality as intended.
The five basic security concepts that need to be covered by security testing are:
1 Confidentiality
2 Integrity
3 Authentication
4 Authorization
5 Availability
Confidentiality
A security measure which protects against the disclosure of information to parties other than the intended recipient that is
Integrity
A measure intended to allow the receiver to determine that the information which it is providing is correct.
Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they
usually involve adding additional information to a communication to form the basis of an algorithmic check
Authentication
It is a type of security testing in which one will enter different combinations of usernames and passwords and will check wh
The process of establishing the identity of the user.
Authentication can take many forms including but not limited to: passwords, biometrics, radio frequency identification, etc.
Authorization
The process of determining that a requester is allowed to receive a service or perform an operation.
Availability
Assuring information and communications services will be ready for use when expected.
Information must be kept available to authorized persons when they need it.
Session Expiration
What message the application displays when the system is left untouched or the user forgets to log out of the system.
Cookie Testing
A cookie is a small piece of information stored in a text file on the user’s hard drive by the web server. This information is later used by
the web browser to retrieve information from that machine. Generally a cookie contains personalized user data or
1) Session cookies: This cookie is active as long as the browser that invoked the cookie is open. When we close the
browser, this session cookie gets deleted. Sometimes a session of, say, 20 minutes can be set to expire the cookie.
2) Persistent cookies: Cookies that are written permanently to the user's machine and last for months or years.
Where are cookies stored?
When any web page application writes a cookie, it gets saved in a text file on the user's hard disk drive. The path where
the cookies get stored depends on the browser. Different browsers store cookies in different paths. E.g. Internet
Here the “Default User” can be replaced by the current user you logged in as. Like “Administrator”, or user name
The cookie path can be easily found by navigating through the browser options. In the Mozilla Firefox browser you
can even see the cookies in the browser options itself. Open the Mozilla browser, click on Tools->Options->Privacy
How are cookies stored?
Site: Rediff.com Cookie name: ci_session
Name: RMID (Name of the cookie)
Content: 298010556%22%3B%7Db6f4264abe003f5e3995e708e5ba03b8
Domain: .mg-india-s01
Path: / (Any path after the domain name)
Send For: Any type of connection
Expires: Friday, February 18, 2011 1:59:37 PM
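The attribute listing above can be checked mechanically instead of by reading the browser dialog. The following is an added example, not part of the original test plan or the eGift code: it audits a Set-Cookie header for the properties the cookie test cases ask about (HttpOnly, secure-only sending, lifetime, readable contents). The function names, the finding labels, the one-hour limit and the GMT zone on the sample expiry are assumptions; the first sample header is rebuilt from the values listed above.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import unquote

# Assumption: a session-ID cookie should not outlive the one-hour idle limit
# used in the session-expiration test cases.
MAX_LIFETIME = timedelta(hours=1)


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    pair, *rest = header.split(";")
    name, _, value = pair.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return name, value, attrs


def expiry_of(attrs, now):
    """Return the absolute expiry time, or None for a browser-session cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        return now + timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        when = parsedate_to_datetime(attrs["expires"])
        return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None


def audit_cookie(header, now):
    """Classify the cookie and list the weaknesses found in its attributes."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no-httponly")      # readable by client-side script
    if "secure" not in attrs:
        findings.append("no-secure")        # "Send For: Any type of connection"
    try:
        expires = expiry_of(attrs, now)
    except (TypeError, ValueError, OverflowError):
        expires = None
        findings.append("bad-expiry")
    if expires is not None and expires - now > MAX_LIFETIME:
        findings.append("long-lived")
    # Heuristic: serialized-data punctuation after URL-decoding means the value
    # is readable structure, not ciphertext or an opaque random ID.
    if any(ch in unquote(value) for ch in '{};":'):
        findings.append("readable-value")
    persistent = "max-age" in attrs or "expires" in attrs
    return {
        "name": name,
        "kind": "persistent" if persistent else "session",
        "findings": findings,
    }


NOW = datetime(2011, 2, 18, 11, 59, 37, tzinfo=timezone.utc)  # constructed clock
SAMPLES = {
    # Rebuilt from the attribute listing on the page; the GMT zone is assumed.
    "page": ("ci_session=298010556%22%3B%7Db6f4264abe003f5e3995e708e5ba03b8; "
             "Domain=.mg-india-s01; Path=/; Expires=Fri, 18 Feb 2011 13:59:37 GMT"),
    # Constructed: opaque ID, no expiry attribute, both flags set.
    "hardened": "ci_session=4f9c1e07a2b84d3c9e6f0a1b2c3d4e5f; Path=/; Secure; HttpOnly",
    # Constructed: a "remember me" style cookie kept for a year.
    "remember": "remember_me=1; Path=/; Max-Age=31536000; Secure; HttpOnly",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, audit_cookie(header, NOW))
```

The "readable-value" finding on the first sample comes from the listed Content value itself: URL-decoded, it ends in `";}` followed by 32 hex characters.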
Utma, utmb, utmz cookies
These cookies track visits on sites that use Google Analytics.
Some details:
__utmz tracks where a visitor came from (search engine, search keyword, link)
__utma tracks each user's number of visits, and the time of the first, the previous, and the current visit (presumably partly f
__utma=161125547.37917129.1207701441.1207701633.1207701765.3
__utma=......
execute SQL statements on the database. This is called SQL injection.
, their transaction details etc.
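Why the quote-based inputs in the SQL Injection test cases behave the way they do is easiest to see by running them against a login query built two ways. This is an added example, not the eGift application's code: it uses an in-memory SQLite table named after the tbl_admin table that appears in the test cases, and the password columns, the sample account and all function names are assumptions.

```python
import hashlib
import hmac
import sqlite3


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """Constructed fixture. tbl_admin and admin_username are named in the test
    cases; the other columns and the account itself are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tbl_admin (admin_id INTEGER PRIMARY KEY, "
        "admin_username TEXT UNIQUE, admin_password TEXT, "
        "pw_salt BLOB, pw_hash BLOB)"
    )
    salt = b"constructed-salt"
    db.execute(
        "INSERT INTO tbl_admin (admin_username, admin_password, pw_salt, pw_hash) "
        "VALUES (?, ?, ?, ?)",
        ("admin", "Corr3ct-Horse!", salt, _pw_hash("Corr3ct-Horse!", salt)),
    )
    return db


def login_vulnerable(db, username, password):
    # Deliberately unsafe: input is concatenated into the SQL text and the
    # plaintext admin_password column is compared inside the query.
    sql = (
        "SELECT admin_id FROM tbl_admin WHERE admin_username = '" + username +
        "' AND admin_password = '" + password + "'"
    )
    return db.execute(sql).fetchone() is not None


_DUMMY_SALT = b"dummy-salt-for-unknown-users"


def login_hardened(db, username, password):
    # Input travels as a bound parameter, so quotes and "--" stay data.
    row = db.execute(
        "SELECT pw_salt, pw_hash FROM tbl_admin WHERE admin_username = ?",
        (username,),
    ).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, b"")
    # Hash even for unknown users so both paths do the same amount of work.
    matches = hmac.compare_digest(_pw_hash(password, salt), stored)
    return matches and row is not None


def outcome(login, db, username, password):
    try:
        return "LOGGED IN" if login(db, username, password) else "rejected"
    except sqlite3.Error:
        # The input changed the SQL text enough to break the statement.
        return "db error"


# Inputs copied from the SQL Injection test cases (same value in both fields,
# except case 82); "valid" uses the constructed account.
CASES = {
    "valid": ("admin", "Corr3ct-Horse!"),
    "74": ("' Or '1' = '1", "' Or '1' = '1"),
    "75": ("' Or '1' = '2", "' Or '1' = '2"),
    "82": ("admin", "0 1= ' -"),
    "84": ("' OR 1 = 1 --", "' OR 1 = 1 --"),
    "85": ("' OR a = a --", "' OR a = a --"),
}


def run_cases():
    """Map each case id to (vulnerable outcome, hardened outcome)."""
    db = make_db()
    return {
        cid: (outcome(login_vulnerable, db, u, p), outcome(login_hardened, db, u, p))
        for cid, (u, p) in CASES.items()
    }


if __name__ == "__main__":
    for cid, (vuln, hard) in run_cases().items():
        print(f"case {cid:>5}: concatenated={vuln:<10} parameterized={hard}")
```

A "db error" outcome from the concatenated query means the input altered the statement; with bound parameters the same inputs end as an ordinary failed login.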
Test Case Template (Security Testing)
Project Name :-eGift
Start Date :- Total Test Cases
End Date :- Test Case Type: Security Testing
Tested on: Mozilla Browser URL used: http://mg-india-s01/egift_testing/login/merchant
Test Case
Sr.No. Action / Steps to Execute Test Data
Module:Login (Confidentiality)
1 Insert username and password
2 Try to copy the password and paste it in the
notepad
Module:Login(Integrity)
3 Create user from front end
4 Delete the user from the backend
Try to login to the application using deleted
username
Module:Login (Authentication/ Authorization)
5 Insert valid Username and password shree@mediaglintindia.com
Click login 123456
6 Copy the logged in URL and paste the URL in same
browser but different tab
7 Copy the url and paste the URL in some different
browser(IE8)
8 Insert valid username and password to login
Click the remember me on this computer link
9 Copy paste the URL in some different browser
10 Login using username and password click Login
Start the second machine and login to the
application with same username and password
and click Login
11 Insert valid username and wrong password shree@mediaglintindia.com
abcde
12 Insert invalid username and valid password shree123@mediaglintindia.com
123456
13 Insert an invalid username and password
Click Login
14 Repeat the same step 5 times
15 Try to login to the system with valid username and
password
16 Insert valid username and valid password
Copy the password and paste the password in a
notepad
17 Insert valid username and valid password
click Go back arrow available in the browser
Click Go forward arrow
18 Insert valid username and valid password
Click Login
Click the Go back arrow till it gets disabled
Click the Go forward arrow
19 Do not enter anything in the username and
password field
Click the Forgot password link
20 Insert the wrong email id (which does not exist in
the DB)
21 Insert the valid email id
22 Enter this address in the browser
http://mg-india-
s01/egift_testing/login/merchant/shree123@medi
aglintindia.com/123456
Module: Authorization-Elevation of Privileges
Admin/Staff/Merchant User Privileges
Check: User Login Privileges to the respective
users only.
Check: Admin user account details/ change
password -update
Check: Pre-made Template privilege for admin
Check: Pre-made Template privilege for
merchant
Check: Card category privileges
Check: Card Designs privileges to admin
Check: Card Designs privileges to merchant
Check: Manage Roles privileges to admin
Check: Manage Staff privileges to admin
Check: Manage Staff privileges to admin
Check: Manage Staff privileges to admin
Check: Privilege of Employee Logs of user
Check: Manage States Privilege
Check: Manage Industries Privilege
Check: Manage Permission Privilege
Check: System timezone Privilege
Check: Default IP Address Privilege
Check: Site Content Privilege
Check: IP Restriction Privileges
Check: Email Template(Notification) privileges to
admin
Check: Reminder Campaign privileges to admin
Module Login(Credential Theft)
Try to access the application using valid username
and password
for some malicious attack
Module:Login (Availability)
Verify that the site is available 24x7
23 Invoke the site at 6:00 am insert username and
password
24 Invoke the site at 3.00 am insert username and
password
25 For maintenance
Module:Login (Session Expiration)
26 Insert username and password and click login
button
Keep the system idle for an hour
27 Insert username and password and click login
button
Keep the system on and do not log out of the
application
28 Insert username and password and click login
button
do not logout of the application and turn off the
computer
29 Try to login your account from different computer
Module:Login (cookies)
30 Insert username and password and click login
button
Go to Tools->Options->Privacy tab-> Remove
individual cookie link
31 Remove the file
Again login to the application using username and
password
32 Insert username and password and click login
button
click on some tabs and links available on the site
do not sign out
Go to Tools->Options->Privacy tab-> Remove
individual cookie link
Delete ci_session cookie
Click again on some tabs and links
33 Insert username and password and click login
button
click on some tabs and links available on the site
Go to Tools->Options->Privacy tab-> select Use
custom settings for history option from the drop
down
Click show cookies button
34 Check the path of the stored cookies
35 Try to copy paste the cookie folder at any location
36 Try to drag the folder at some location
37 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
38 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
39 Check the contents of the cookie files
40 Check the login and logout time using cookies
41 Insert Username, password click login
Select Card design and click publish
42 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the status of cookie ci_session
43 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie ci_session
44 Try to copy the content and paste it in the browser
45 Try to copy the content and paste it in the notepad
Module:Login (Attack) Validation checks
46 For account number validation limit is
1-14 digit, Numeric
47 Space is not allowed in 1-14 characters
Try to insert blank account number and try to got
to the next page
48 For password field try to add a blank password and Case Sensitive,alphanumeric,
try to go to the next page allow special characters, mix up
of upper and lower case,do not
allow space
Module:Login (Dictionary Attack) Validation checks
49 Try to guess the password- Username: admin
Open admin login page in the browser Password: admin
50 Try to keep the password same as your username Username: admin
Password: admin
Try to login by numeric data password Username: admin
Password: 123456
Try to login with alphanumeric data password Username: admin
Password: admin123456
Try to login with alphanumeric data password Username: admin
Password: 123456admin
Try to login with password with caps Username: admin
Password: ADMIN
Try to login with password with combination of Username: admin
alphanumeric (alphabets in caps) Password: ADMIN123
Try to login with password with combination of Username: admin
alphanumeric (alphabets in caps) Password: 123ADMIN
Try to login with alphanumeric data and Username: admin
underscore password Password: admin _123
Try to login with combination of alphanumeric and Username: admin
special characters Password: admin.123 _admin
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password Password: shree
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password by alphanumeric combination Password: shree123
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password by alphanumeric combination with Password: shree_82_04_05
user's date of birth
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password by alphanumeric combination. Password: shree_mediaglint_28
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password by alphanumeric combination, character Password: MG_shree
in caps.
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password by alphabetical data, character in caps. Password: MEDIA_SHREE
Merchant login if user email address is known. Email:
Open merchant login and try to guess the shree@mediaglintindia.com
password by user's info like with mobile no. Password: 9988550123
Module:Login (Brute Force Attack) Validation checks
51 Try to intentionally change any user's password
using forgot password link (Malicious user)
52 create username with existing id
53 For each mandatory field
54 Skip the mandatory field data of any one field and
continue
55 Skip the mandatory field data of all the fields and
continue
56 Try to login the system using invalid password for
5 times(malicious user attack)
57 Try to guess the user and his details from the URL
and try to access his details
58 For ex if the URL is like www.site-
example.com/users/calendar.php/user1/2007071
5
malicious user can try out for
www.site-
example.com/users/calendar.php/user2/2007071
5
59 URL address site should not display full path of the
webroot and its folder
60 following URL are more vulnerable to the attacks:
http://some_site.com.br/some-
page.asp?page=index.html
61 Following format parameters should not be there
in your application :
•"%x" Read data from the stack
•"%s" Read character strings from the process'
memory
•"%n" Write an integer to locations in the process'
memory
62 Login to the system using valid username and
password
Click page appearance page
Fill all the information on this page
Click back button and again forward button
63 Login to the system using valid username and
password
Click page appearance page
Fill all the information on this page
Click bookmark->Recently bookmarked page-
>open previously open form/link which you wish
to browse
Click the page appearance for page
64 If there are many forms on the page and you have
filled data of page 2 and clicked Bookmark
favourite site
65 Login to the system using valid username and
password
Click page appearance page
Fill all the information on this page
Click the reload button
66 Login to the system using valid username and
password
Click page appearance page
Fill all the information on this page
Click the minimize window button
63 Login to the system using valid username and
password
Click page appearance page
Fill all the information on this page
Try to manually resize the browser window
64 Login to the system using valid username and
password
Click page appearance page
Check the cursor position
65 Login to the system using valid username and
password
Click page appearance page
Check the background image radio buttons
66 Check the status of the radio buttons on all the
pages
67 Check the standard of all drop down list boxes
throughout the application
68 Check the alphabetical order of the data available
in the drop down list box
69 Check the selection of data from the drop down
list box
70 Check the horizontal length of the data
Check the vertical scroll bar for more than 20 rows
Check the horizontal scroll bar
Module:Login (Sql Injection)
71 Insert valid username and valid password shree@mediaglintindia.com
123456
72 Insert valid username and invalid password shree@mediaglintindia.com
abcde
73 Insert valid username and blank password shree@mediaglintindia.com
Password: Blank
74 Insert any sql statement in the username and Username:' Or '1' = '1
password field Password: ' Or '1' = '1
75 Insert any sql statement in the username and Username:' Or '1' = '2
password field Password: ' Or '1' = '2
76 Insert any sql statement in the username and Username:' Or '1' = '3
password field Password: ' Or '1' = '3
77 Insert any sql statement in the username and Username:' Or '1' = '99
password field Password: ' Or '1' = '99
78 Insert any sql statement in the username and Username:' Or '1' = '100
password field Password: ' Or '1' = '100
79 Insert any sql statement in the username and Username:' Or ' '= '
password field Password: ' Or ' '= '
80 Insert any sql statement in the username and Username:' Or ' = ' Or '
password field Password: ' Or ' = ' Or '
81 Insert any sql statement in the username and Username:' b ' Or 'a' = 'a
password field Password: ' b ' Or 'a' = 'a
82 Insert any sql statement in the username and Username:admin
password field Password: 0 1= ' -
83 Insert any sql statement in the username and Username:' OR '' = ' OR '1 ' = '1
password field Password: ' OR '' = ' OR '1 ' = '1
84 Insert any sql statement in the username and Username:' OR 1 = 1 --
password field Password: ' OR 1 = 1 --
85 Insert any sql statement in the username and Username:' OR a = a --
password field Password: ' OR a = a --
86 Insert following values in the link: http://mg-india-
s01/egift_design/login/admin=1
87 Insert following values in the link: http://mg-india-
s01/egift_design/login/admin?99
88 Insert a question mark in the link: http://mg-india-
s01/egift_design/login/admin/?
89 Insert a question mark in the link: http://mg-india-
s01/egift_design/login/admin/^
90 Insert a question mark in the link: http://mg-india-
s01/egift_design/login/admin/@
91 Insert a question mark in the link: http://mg-india-
s01/egift_design/login/admin/#
92 Insert a question mark in the link: http://mg-india-
s01/egift_design/login/admin/$
93 Insert a question mark in the link: http://mg-india-
s01/egift_design/login/admin/%
94 http://mg-india-
s01/egift_design/login/admin/&&*(
95 Insert hyphen in the link http://mg-india-
s01/egift_design/login/admin/--
96 Insert plus symbol in the link http://mg-india-
s01/egift_design/login/admin/--
97 Login to merchant panel with valid login details
Click tab Email Notification
98 Open different browser and copy paste the link
http://mg-india-
s01/egift_design/merchant/sender_confirm~
99 Open different browser and copy paste the link
http://mg-india-
s01/egift_design/merchant/sender_confirm^
100 Open different browser and copy paste the link
http://mg-india-
s01/egift_design/merchant/sender_confirm!
101 Insert sql query in the link http://mg-india-
s01/egift_design/admin/edit_profile/select * from
tbl_admin where admin_username like '%admin%'
102 Insert sql query in the link http://mg-india-
s01/egift_design/admin/edit_profile/select * from
tbl_admin
103 Insert sql query in the link http://mg-india-
s01/egift_design/admin/edit_profile/select
admin_id,admin_fname from tbl_admin where
admin_username LIKE '%admin%'
Module:Login (Cross site scripting) Executed all local links from Netsparker tool
104 Insert valid username, password
Try out some scripts in the customer search box
105 Insert valid username, password
Try out some scripts in the customer search box
http://mg-india-
s01/egift_design/merchant/alert('Hacked
');
106 http://mg-india-s01/egift_design/merchant/'"--
>alert(0x00050A)
107 http://mg-india-
s01/egift_design/merchant/alert(0x00050C)
108 http://mg-india-
s01/egift_design/merchant/~.aspx'"--
>alert(0x00087D)
http://mg-india-s01/egift_design/merchant/'"--
>alert(0x000888)
109
http://mg-india-s01/egift_design/merchant/?'"--
>alert(0x00088C)
110
http://mg-india-
s01/egift_design/staff/merchants/'"--
>alert(0x00000F)
http://mg-india-
s01/egift_design/staff/merchants/?'"--
>alert(0x000011)
http://mg-india-
s01/egift_design/staff/merchants/?'"--
>alert(0x000011)
http://mg-india-
s01/egift_design/admin/edit_profile/'"--
>alert(0x00001F)
http://mg-india-
s01/egift_design/admin/edit_profile/?'"--
>alert(0x000021)
Module:Overview (Search text box Sql Injection)-Merchant
panel
Insert valid username and password
http://mg-india-s01/egift_design/merchant
116 Click Overview link
Try to login the application forcefully
Insert sql command ' Or '1' = '1
117 Press enter
Try to login the application forcefully
Insert sql command ' Or '1' = '99
118 Press enter
Try to login the application forcefully
Insert sql command ' Or '1' = '100
119 Press enter
Try to login the application forcefully
Insert sql command ' Or ' '= '
120 Press enter
Try to login the application forcefully
Insert sql command ' b ' Or 'a' = 'a
121 Press enter
Try to login the application forcefully
Insert sql command 0 1= ' -
122 Press enter
Try to login the application forcefully
Insert sql command ' OR '1 ' = '1
123 Press enter
Try to login the application forcefully
Insert sql command ' OR 1 = 1 --
124 Press enter
Try to login the application forcefully
Insert sql command ' OR a = a --
125 Press enter
Created By :- Swati Deshmukh
Reviewed By :- Dan
Modified By :-
Expected Result Actual Result
Verify that password should be in the encrypted form
Verify that copy option should be disabled
Verify that all user details gets updated in the database
Verify that DB error should be displayed
Verify that user can login successfully to the
application
Verify that home page should be displayed
Verify that login page should be displayed
Verify that user can login successfully to the
application
Verify that username and password should not be
remembered for that user
Verify that user can login to his account on a different
machine but session should get expired on the first
machine
Verify that user should get a warning message your id
or password is wrong
Verify that user should get a warning message your id
or password is wrong
Verify that user should get a warning message your id
or password is wrong
Verify that user should get a password expiration
message
Please contact your administrator
Verify that if the user has not contacted the
administrator for password change request he should
not be able to login to the system
Verify that user should not be able to copy the
password
Copy option should be disabled
Verify that whatever username and password user has
inserted should not be available when user plays with
back and forward button
Verify that user should get a login page
Verify that session should get expire
Verify that application should ask you for the email id
Verify that Invalid email id error should be displayed
Verify that email id should get accepted and user gets
a mail on their email address
Password should be there in the mail
Verify that user should not get log in
Verify that log in page should be displayed
Verify that- 1)Admin user can login to account by their
valid details through admin's login URL.
2)Staff user can login to account by their valid details
through staff's login URL.
3)Merchant user can login to account by their valid
details through merchant's login URL.
Verify that- admin user should have only access to
update their account details and should not be for staff
or merchant user.
Verify that- 1)Admin user should be able to create or
add / edit new premade templates. Also able to
preview them. These template changes should be saved
on sales page also.
Verify that- 1)Merchant user should be able to define
template setting for sales page, and also able to
preview.
Verify that- Admin user should have privilege to
add,edit and delete the category.
Verify that- 1)Admin user should have access to upload
the card image for selected card category. Should have
access to upload image files only.
2)Also admin should be able to view card images.
3)Should be able to delete card images.
Verify that- Merchant user should have access to
upload card designs. Should have access to upload
image files only.
2)Also merchant should be able to view that designs.
3)Merchant should be able to add or remove the card
designs also.
Verify that- Only Admin user should able to add new
roles. Also able to edit , delete the roles.
Verify that- 1)Admin should have access to add new
staff member.
2)Admin should have access to define the roles to
staff members.
Verify that- 1)Admin user should be able to edit staff
details.
2)Admin user should be able to delete staff member.
3)Admin should have access to archive staff member.
Verify that- 1)admin should have access to login to staff
user and can make changes in staff panel also.
2)Admin should have access of manage merchant
user's details by staff login.
Verify that- 1) Admin should have access to see
employee logs for staff users.
2)Admin should have access to see log details for
staff's activity i.e for Logged In, Logged in Merchant
account,Uploaded the Card, Created New Merchant
Verify that- Only admin user should have access to
manage states. Admin should be able to add,edit and
delete the states.
Verify that- Only admin user should have access to
manage industries. Admin should be able to add,edit
and delete the industries.
Verify that- Only admin user should have access to
manage industries. Admin should be able to add,edit
and delete the industries.
Verify that- only admin should have access to set
System timezone.
Verify that- only admin should have access to set
default IP address for the site.
Verify that: 1)Only admin should have access to
add,update 'Terms & Conditions' content.
2)Only admin should have access to add,update 'Learn
More' content.
3) Only admin should have access to add,update 'Email
Footer' content.
Verify that- Only admin user should have access to
manage IP Restriction for any selected staff user.
Admin can search for the staff users and set the
restriction time period with the IP address. So staff user
should be able to access the site within that defined
range of time Only.
Verify that- Admin user should have access to manage
email templates for Merchant Activation, eGift Card
Activation,Activation Confirm,Reload Confirm,Balance
Inquiry,Balance Transfer, Forgot Password, Threshold
Notification, Staff Notices.
With this facility only admin can manage email
template for the particular activity.
Verify that- Admin should have access to manage
reminder campaign.
Verify that even if user has valid username and
password, he should not get access to the
Verify that user gets access to the site
Verify that user can purchase eGift cards at 6:00 am
Verify that user gets access to the site
Verify that user can purchase eGift cards at 3:00 am
Verify that user should get a message via email that for
the said date and time system will go down for
maintenance
Verify that when the system is untouched for an hour,
some session expiration message should be displayed
'For security reason the session time out'
Verify that when the user doesn't access their account
for an hour, some session expiration message
should be displayed
'For security reason the session time out'
Verify that session should automatically expire after
some time
Verify that user should get access to their account
Verify that previous session should automatically get
killed
Verify that a session file named ci_session should be
available
Verify that Name, content, Domain, Path, Send for and
expires details should be available
Verify that a new cookie file should be created with
refreshed details
Verify that user should not get access to any of the
tabs
Verify that login page should be displayed
Verify that user should not have a access to edit the
cookies
User has only access to remove the cookies( I am not
sure…I guess user should not have access to remove
cookies)
Verify that for every link different folder should be
created
Verify that all the cookies should get stored under this
folder
Verify that user should not have access to copy paste
the folder at any location
Verify that user should not get access to drag and drop
the cookie files or folder
Verify that Remember history
Never remember history and use Custom settings for
history options should be available
Verify that Remember history should be selected by
default
Verify that user should have access to clear his entire
history or can create a particular cookie
Verify that contents should carry a valid data of the
logged user
Verify that whatever pages user have searched on the
site should get saved for future interaction
Verify that cookie should get created for this option
and this cookie should gets saved for future interaction
Verify that cookies should be marked as HTTPOnly
HTTPOnly cookies cannot be read by client-side
scripts, therefore marking a cookie as
HTTPOnly can provide an additional layer of protection
against Cross-site
Scripting attacks.
Verify that contents of the cookie should be encrypted
Verify that user should not have access to copy paste
the contents of the cookies
Verify that user should not have access to copy paste
the contents of the cookies
Try to add special characters, alphabets etc in account
number field
Verify that system should throw a error message
Account number field is mandatory
Verify that system should throw a error message
password field is mandatory
Should not allow user to login to application
Password should be a combination of alphanumeric
characters.
System should not allow the password same as
username
System should not allow user to login. It should not
accept ONLY numeric data.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
Verify that- user can guess password from this email
id. So System should not allow user to login. Dictionary
attack password should not be accepted by the
application. Should display error.
Verify that- user can guess password from this any
numeric combination. So System should not allow
user to login. Dictionary attack password should not be
accepted by the application. Should display error.
Verify that- user can guess password from user's date
of birth.So System should not allow user to login.
Dictionary attack password should not be accepted by
the application. Should display error.
Verify that- user can guess password from user's
related information. So System should not allow user
to login. Dictionary attack password should not be
accepted by the application. Should display error.
Verify that- user can guess password from user's
related information. So System should not allow user
to login. Dictionary attack password should not be
accepted by the application. Should display error.
Verify that- user can guess password from user's
related information. So System should not allow user
to login. Dictionary attack password should not be
accepted by the application. Should display error.
Verify that- user can guess password from user's
related information. So System should not allow user
to login. Dictionary attack password should not be
accepted by the application. Should display error.
Verify that some authentication questions should need
to be asked to the user before accepting the request
Verify that repeated username should not be accepted
by the system
Verify that an error message should be displayed that
'username already exist'
Verify that username should be unique
Verify that text 'required field' should be available at the
top of each field
Verify that proper error message should be displayed
Verify that user should not get access to next page
Verify that proper error message should be displayed
Verify that user should not get access to next page
Verify that the account gets locked and needs admin
attention
Verify that all user related info should be in some coded
form, should not display the actual details like
username and password
Verify that if page looks like
http://site.com/index.php?page=about
We should provide path as
http://site.com/index.php?page[]=about
Verify that opening and closing braces should be there
which causes the page to output an error
Verify that the URL should be like
http://some_site.com.br/get-
files?file=../../../../etc/passwd
When you input %x in your input text box, then you
will get some data from the stack after executing the
application
Verify that whatever data user has entered should not
get deleted
Data should be available for the user
Verify that data should not get lost when user midway
opens any application or link
Verify that whatever data user has entered should not
get deleted
Data should be available for the user
Verify that page gets refreshed but data should not
get deleted, all the information should be available to
the user
Verify that whatever data user has entered should not
get deleted.
Data should be available for the user
Verify that whatever data user has entered should not
get deleted
Data should be available for the user
Verify that when user first opens Page Appearance
page cursor should be at the first text box
Verify that by default centered should be selected
Verify that any one option of all the radio buttons
should be selected by default
Verify that if the drop down list box is visible some
data should be available under the list box
List box should not be empty
Verify that all the data available under the list box
should be ascending in order
Verify that user can choose only one option at a time
Multiple selection is not allowed in the list box
Verify that all data should be properly visible and
space should be wide enough to display all the options
Verify that if more than 20 rows data is available then
vertical scroll bar should be available
Verify that horizontal scroll bar should not be available
for drop down list box
Verify that user log in to the system successfully
Verify that error message should be displayed like
'Invalid username or password'
Verify that the URL looks like http://mg-india-s01/egift_design/login/admin/
Verify that error message should be displayed like
'Enter your password'
Verify that the URL looks like http://mg-india-s01/egift_design/login/admin/
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed to
handle this type of sql injection
Verify that database error should be displayed
Verify that following error should be displayed:
404 Page Not Found
The page you requested was not found.
Verify that no error should be displayed as '?' is an
allowed character for admin panel
Verify that following message should be displayed :
Disallowed Key Characters./login/admin/^
Verify that no error should be displayed as '@' is an
allowed character for admin panel
Verify that no error should be displayed as '#' is an
allowed character for admin panel
Verify that following message should be displayed:
Disallowed Key Characters./login/admin/$
Verify that following error message should be
displayed
Bad request!
Your browser (or proxy) sent a request that this server
could not understand.
If you think this is a server error, please contact the
webmaster.
Error 400
mg-india-s01
2/24/2011 4:07:20 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17
OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4
Perl/v5.10.1
Verify that following error message should be
displayed: Disallowed Key Characters.*(
Verify that no error message should be displayed as
hyphen is an allowed character
Verify that no error message should be displayed as
plus(+) is an allowed character
Verify the URL should look like http://mg-india-s01/egift_design/merchant/sender_confirm/
Verify that following error should be displayed:
Disallowed Key Characters./login/admin/~
Verify that following error should be displayed:
Disallowed Key Characters./login/admin/^
Verify that following error should be displayed:
Disallowed Key Characters./login/admin/!
Verify that following message should be displayed: Bad
request!
Your browser (or proxy) sent a request that this server
could not understand.
If you think this is a server error, please contact the
webmaster.
Error 400
mg-india-s01
2/25/2011 4:27:03 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17
OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4
Perl/v5.10.1
Verify that following error message should be
displayed
Disallowed Key Characters./admin/edit_profile/select_*_from_tbl_admin
Verify that following error message should be
displayed: Bad request!
Your browser (or proxy) sent a request that this server
could not understand.
If you think this is a server error, please contact the
webmaster.
Error 400
mg-india-s01
2/25/2011 4:49:22 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17
OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4
Perl/v5.10.1
Verify that script should not gets executed from the
search page
Verify that user should not get any alert at the login
screen
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that user should not get any alert at the
specified path
Verify that 'Search Customers' text box should be
available
Verify that user should get a list of customers matching
to the searching string
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
Verify that user should not get a list of customers
Verify that page gets refreshed
QA Environment
Iteration No. 1: Executed By | Execution Date: 1/14/2011 | Build No. | Actual Result | Status | Remarks
Iteration No. 2: Executed By | Execution Date | Build No. | Actual Result | Status | Remarks
Test Case Template (Security Testing)
Project Name :-eGift
Start Date :-
End Date:-
Tested on: Mozilla Browser
Test Case
Sr.No. Action / Steps to Execute
Open merchant login page-Insert some invalid data in the merchant login page URL
Module: Page Appearance (Authentication/ Authorization)
1 Login with valid User email address and password
Click on 'Page Appearance' tab
2 Copy and Paste Page Appearance's URL in same browser in different tab.
3 Go to Merchant home page for that-
1)Click on 'Overview' menu tab
2)Copy & paste Page Appearance's URL in address bar.
4 Copy and Paste Page Appearance's URL in different browser (Like in IE8/Google Chrome)
5 Login with valid User email address and password
Click on 'Page Appearance' tab
Click on Logout link
Again copy & paste Page Appearance URL in the browser.
6 Login with valid User email address and password
Click on 'Page Appearance' tab
Click on Go Back option from Navigation bar in the browser.
Click on Go Forward option from Navigation bar in the browser.
7 Edit in the Page Appearance's URL
8 Edit in the Page Appearance's URL : enter invalid text after inserting slash '/'
9 Edit in the Page Appearance's URL : Insert Question mark sign '?' at the end of URL address
10 Edit in the Page Appearance's URL : Insert underscore sign '_' at the end of URL address
11 Edit in the Page Appearance's URL : Insert Exclamation sign '!' at the end of URL address
12 Edit in the Page Appearance's URL : Insert Dollar sign '$' at the end of URL address
13 Edit in the Page Appearance's URL : Insert sign '@' at the end of URL address
14 Edit in the Page Appearance's URL : Insert text '' at the end of URL address
15 Edit in the Page Appearance's URL : Insert sign '#' at the end of URL address
16 Edit in the Page Appearance's URL : Insert percentage sign '%' at the end of URL address
17 Edit in the Page Appearance's URL : Insert '&&\\' at the end of URL address
18 Edit in the Page Appearance's URL : Insert '&&//' at the end of URL address
Edit in the Page Appearance's URL : Insert invalid text in the URL address "_1test"
Module: Page Appearance (Availability)
Verify that the site is available 24x7
19 Invoke the site at 6:00 am- insert username and password
and login to the account
20 Invoke the site at 3.00 am insert username and password
and login to the account
21 For maintenance
22 Add IP Restriction for staff user (through Admin) from 3PM
-6PM. Then try merchant login before 3PM or after
6PM.
23 Add IP Restriction for staff user (through Admin) from 3PM
-6PM. Then try merchant login between 3PM and
6PM.
Module: Page Appearance (Integrity)
24 Check condition: when merchant logs in to their account for
the very first time after account activation they will be
redirected to the Page Appearance page, and
merchant will not be able to access other menus unless
and until this page appearance is published.
Insert email address and password, click Login
Click on Preview button
Click Logout link
25 Fill up all data in the given fields: Page Title, Logo. Do
Setting for Page Style and Box Style. Click 'Preview'
button
26 Fill up all data in the given fields: Page Title, Logo. Do
Setting for Page Style and Box Style. Click 'Publish'
button
27 Make changes in any Pre-Made Templates from Admin.
Select that Pre-Made Template from drop down
Module: Page Appearance(Session Expiration)
28 Login with valid user email address and password
Select 'Page Appearance' menu
Keep the system idle for an hour
29 Login with valid user email address and password
Select 'Page Appearance' menu
Do not logout of the application and turn off the computer
30 First, access 'Page Appearance' page from one system
and try to access the same page for the same user account from a
different computer.
Module: Page Appearance (cookies)
31 Login with valid login details to Merchant account and
click on 'Page Appearance' tab
Go to Tools->Options->Privacy tab-> Remove individual
cookie link
32 Remove the file
Again login to the application using username and
password
33 Login with valid login details to Merchant account and
click on 'Page Appearance' tab
click on some tabs and links available on the site
(do not sign out)
Go to Tools->Options->Privacy tab-> Remove individual
cookie link
Delete ci_session cookie
Click again on some tabs and links
34 Insert username and password and click login button
click on some tabs and links available on the site
Go to Tools->Options->Privacy tab-> select Use custom
settings for history option from the drop down
Click show cookies button
35 Check the path of the stored cookies
36 Try to copy paste the cookie folder at any location
37 Try to drag the folder at some location
38 In FF browser- Check by default setting:
Go to Tools-Privacy Option-Security- Check 'Remember
Password for the Site'
Insert user email id and password,click login
39 Login with merchant email address and password
Click on Login
When FF asks with the Remember, Never for this site, Not Now
options.
Click on 'Remember' option
40 Login with merchant email address and password
Click on Login
When FF asks with the Remember, Never for this site, Not Now
options.
Click on 'Never for this site' option
41 When by default 'Remember password for site is checked
in Security setting of the browser.
Go to: Tools-Options-Security- Click on 'Saved Password'
button.
42 Go to: Tools-Options-Security- Click on Saved Password
button.
From Saved Password- click on 'Show Password' option
from bottom
43 Go to: Tools-Options-Security- Click on Saved Password
button.
From Saved Password- click on 'Remove Password' option
from bottom
45 Check the login and logout time using cookies
Total Test Cases
Test Case Type: Security Testing
URL used: http://mg-india-s01/egift_testing/login/merchant
Created By :- Pallavi
Reviewed By :- Dan
Modified By :-
Test Data Expected Result
http://mg-india-s01/egift_testing/login/merchant234555
Verify that-
1) Message should be displayed as-"404 Page Not Found
The page you requested was not found on this server."
2)Also the browser tab should say -' 404 Not Found'
3) Also site's logo or footer should not be displayed there. Page should be blank and only show the error message.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1
Verify that user should be logged in successfully and Page Appearance page should be shown up.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1
Verify that:
Page Appearance page should be displayed to the user.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1
Verify that:
Page Appearance page should get displayed to the user.
Verify that:
Merchant login page should be displayed to the user.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1
Verify that:
Merchant login page should be displayed to the user.
Verify that-
When user clicks the Go Back option from Page Appearance page, Merchant Dashboard-Overview page should get displayed. And on going Back again, Merchant login page should display where user email address/password should be blank.
And when the Go Forward option is clicked from merchant dashboard, Page Appearance page should get displayed.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step2
Verify that-
Error page should be displayed with the message "404 Page Not Found
The page you requested was not found on this server."
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1/test
Verify that:
Page Appearance page should be displayed and no action should be taken.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1?
Verify that:
Page Appearance page should be displayed and ? is an allowed character, no action should be taken.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1_
Verify that-
Error page should be displayed with the message "404 Page Not Found
The page you requested was not found on this server."
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1!
Verify that following error should be displayed:
Disallowed Key Characters./merchant/step1!
(Page should display 404 Not found Error here )
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1$
Verify that following error should be displayed:
Disallowed Key Characters./merchant/step1$
(Page should display 404 Not found Error here )
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1@
Verify that-
Error page should be displayed with the message "404 Page Not Found
The page you requested was not found on this server."
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1
Verify that following error should be displayed:
Disallowed Key Characters./merchant/step1
(Page should display 404 Not found Error here )
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1#
Verify that-Page Appearance page should be displayed and # is an allowed character, no action should be taken.
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1%
Verify that following error message should be displayed
Bad request!
Your browser (or proxy) sent a request that this server could not understand.
If you think this is a server error, please contact the webmaster.
Error 400
mg-india-s01
2/24/2011 4:07:20 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1&&\\
Verify that following error message should be displayed
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
mg-india-s01
3/1/2011 5:48:03 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1
Page Appearance URL: http://mg-india-s01/egift_design/merchant/step1&&//
Verify that following error message should be displayed as "404 Page Not Found
The page you requested was not found on this server."
Page Appearance URL: http://mg-india-s01/egift_design/merchant_1test/step1
Verify that-
Error page should be displayed with the message "404 Page Not Found
The page you requested was not found on this server."
Verify that user gets access to the site
Verify that user can manage their account details.
Verify that user gets access to the site
Verify that user can purchase eGift cards at 3:00 am, can do
any activity for their account.
Verify that user should get a message via email that for the
said date and time system will go down for maintenance
Verify that- user should not be able to access the application
other than time period of 3PM-6PM.
Verify that- user should be able to access the application in
defined time period of 3PM-6PM.
Verify that:
1)Merchant user should be redirected to 'Page Appearance' page
when logged in for the very first time and a Welcome message
should be displayed here.
2)Verify the values in table "tbl_merchant_profile_temp" in
DB.
3)There should not be any record in "tbl_merchant_profile" in
DB until the user publishes this page.
Verify that-
1)A preview of the page setting should be displayed in a pop up
screen.
2)Also verify the values in table
"tbl_merchant_profile_temp" in DB.
Verify that-
1)Setting for the page appearance should be saved and should
display confirmation message to user "You have updated
profile settings successfully."
2)Also verify the values in table "tbl_merchant_profile" in DB.
Verify that-
Setting for the template which was made through admin
should also take effect here on Page Appearance setting after
selecting that Pre-Made template.
Verify that when the system is untouched for an hour, some
session expiration message should be displayed
'For security reason the session time out'
Verify that session should automatically expire after some
time. User should get logged out from the account
automatically.
Verify that user should get access to their account
Verify that previous session should automatically get killed.
Verify that a session file named ci_session should be available
Verify that Name, content, Domain, Path, Send for and expires details should be available
Email: shree@mediaglintindia.com
Pwd: 123456
Verify that a new cookie file should be created with refreshed
details.
Verify that user should not get access to any of the tabs
and verify that merchant login page should be displayed.
Verify that user should not have a access to edit the cookies,
only user can remove cookies.
Verify that for every link different folder should be created
Verify that all the cookies should get stored under this folder
Verify that user should not have access to copy paste the
folder at any location
Verify that user should not get access to drag and drop the
cookie files or folder
Verify that- the browser should display a message
while logging in as -'Do you want Firefox to remember the
password for "shree@mediaglintindia.com" on http://mg-india-s01?'
Email: shree@mediaglintindia.com
Pwd: 123456
Verify that- Password should be remembered for the merchant
login link.
It should be verified that when user logs in again to the account
with the same details the password field should fill up data
(encrypted password) automatically and log in successfully.
Email: shree@mediaglintindia.com
Pwd: 123456
Verify that- when user try to login to the account next time
the password field should be blank. Password will not be saved
in the browser.
Email: shree@mediaglintindia.com
Pwd: 123456
Verify that- a new pop up window 'Saved Password' gets
displayed where list of Site and Username should be displayed.
http://mg-india-s01/egift_design/login/merchant
shree@mediaglintindia.com
Verify that-
System should display password for that particular user.
Verify that-
System should remove saved password.
Cross verify this by logging in again to the merchant account and
checking in security setting of browser for Saved password. No
saved password should be there.
Verify that whatever pages user have searched on the site
should get saved for future interaction
QA Environment
Iteration No. 1: Executed By | Execution Date: 1/14/2011 | Build No. | Actual Result | Status | Remarks
Iteration No. 2: Executed By | Execution Date | Build No. | Actual Result | Status | Remarks
Actual Result
Showing error:
Fatal error: Call to undefined function base_url() in C:\Shares\Web\egift_design\system\application\views\header.php on line 13
Test Case Template (Security Testing)
Project Name :-eGift
Start Date :-
End Date:-
Tested on: Mozilla Browser
Total Test Cases
Test Case Type: Security Testing
URL used: http://mg-india-s01/egift_design/staff/merchants
Test Case
Sr.No. Action / Steps to Execute Test Data
Module: Create New Merchant (Authentication/ Authorization)
1 Open staff login page
http://mg-india-s01/egift_testing/login/staff
2 Open staff login page
Insert valid username and password
Click to Login
Username-mg_staff_1
Pwd-123456
3 Open staff login page-Insert some invalid data in the staff login page URL
http://mg-india-s01/egift_testing/login/stafft11
4 Copy and Paste New Merchant page URL in same browser in different tab.
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants
5 Copy and Paste New Merchant page URL in different browser with login to staff account (Like in IE8/Google Chrome)
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants
6 Login with valid Username and password
Click on Logout link
Again copy & paste New Merchant URL in the browser.
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants
7 Login with valid Username and password
Click on Go Back option from Navigation bar in the browser.
Click on Go Forward option from Navigation bar in the browser.
Username--mg_staff_1
Pwd-123456
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants
8 Login with valid Username and password
Click on 'Ownership Details' tab
9 Login with valid Username and password
Click on 'Management Details' tab
10 Edit in the New Merchant's URL
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants111
11 Edit in the New Merchant's URL : enter invalid text with slash '/edit_1'
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants/edit_1
12 Edit in the New Merchant's URL : Insert Question mark sign '?' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants?
13 Edit in the New Merchant's URL : Insert Question mark sign '???' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants???
14 Edit in the New Merchant's URL : Insert underscore sign '_' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants_
15 Edit in the New Merchant's URL : Insert invalid text in the URL address "mg_staff_1"
New Merchant URL: http://mg-india-s01/egift_testing/mg_staff_1/merchants
16 Edit in the New Merchant's URL : Insert Exclamation sign '!' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants!
17 Edit in the New Merchant's URL : Insert Dollar sign '$' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants$
18 Edit in the New Merchant's URL : Insert sign '@' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants@
19 Edit in the New Merchant's URL : Insert text '' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants
20 Edit in the New Merchant's URL : Insert sign '#' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants#
21 Edit in the New Merchant's URL : Insert percentage sign '%' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants%
22 Edit in the New Merchant's URL : Insert & at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants&
23 Edit in the New Merchant's URL : Insert '&&\\' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants&&\\
24 Edit in the New Merchant's URL : Insert '&&//' at the end of URL address
New Merchant URL: http://mg-india-s01/egift_testing/staff/merchants&&//
Module: Create New Merchant (Availability) : Verify that the site is available 24x7
25 Invoke the site at 6:00 am- insert username and password and login to the account
Username: mg_staff_1
Pwd: 123456
26 Invoke the site at 3.00 am insert username and password and login to the account
Username: mg_staff_1
Pwd: 123456
27 For maintenance
28 Add IP Restriction for staff user(through Admin) from
3PM -6PM. And then try to staff login before 3PM or
after 6PM.
29 Add IP Restriction for staff user(through Admin) from
3PM -6PM. And then try to staff login between 3PM to
6PM.
Module: Create New Merchant (Input Validation)
30 Check for required fields
31 Availability of Submit and Reset button
32 Keep every field blank and Click on 'Submit' button
33 Fill up data in all fields and then click on 'Reset' button
34 Mercury Merchant Account Number: keep this field
blank and click to submit
Mercury Merchant Account Number: Insert numeric data of 3digit
Account no.- 120
35 Mercury Merchant Account Number: Insert numeric data of 14digit-10012345674859
Account no.- 10012345674859
36 Mercury Merchant Account Number: Try to enter 15 digit account number
Account no.- 10012345674859
37 Mercury Merchant Account Number: Try to Insert alphabetical data
Account no.- numeone
38 Mercury Merchant Account Number: Try to Insert space in the field
Account no.- 123 44
39 Mercury Merchant Account Number: Try to Insert special characters like @#? '. in the field
Account no.- 123.2#
40 Mercury Merchant Account Number: Try to copy and
paste numeric data
41 Mercury Merchant Account Number: Try to copy and
paste alphabetical data
42 Merchant Name: keep this field blank and click to
submit
43 Merchant Name: Insert alphabetical data Merchant Name: Googletest
44 Merchant Name: Insert alphabetical data with space Merchant Name: Google Tester
45 Merchant Name: Insert alphanumeric data Merchant Name: Google22 Tester22
46 Merchant Name: Insert only special characters Merchant Name: @@##$$
47 Merchant Name: Try to copy and paste text from other
application.
48 Merchant Name: Insert Name with apostrophe s Merchant Name: Tester's Restaurant
49 Merchant Email: keep this field blank and click to submit
button.
50 Merchant Email: Insert valid email address Merchant Email: test_12@gmail.com
51 Merchant Email: Insert valid email address Merchant Email: test_12@gmail.co.in
52 Merchant Email: Insert only numbers Merchant Email: 123333
53 Merchant Email: Insert email address with space Merchant Email: 1111sdd @ ersts.com
54 Merchant Email: insert invalid email Merchant Email: @google.com
55 Merchant Email:insert website url Merchant Email: http://www.example.com
56 Merchant Email: try to copy and paste email address
from other application
57 Merchant Website: Keep this field blank and click on
Submit button
58 Merchant Website: Copy and paste any valid URL in this
field
59 Merchant Website: insert valid URL address http://www.ggogle.com
60 Merchant Website: insert valid URL address http://www.ggogle.co.in
61 Merchant Website: insert invalid URL address http://111
62 Merchant Website: insert valid URL with long length http://www.test.google/tesste_iprRE?.com
63 Merchant Phone: Keep this field blank and click on
Submit button
64 Merchant Phone: Insert valid phone number with format
Merchant Phone: 123-123-11111
65 Merchant Phone: insert phone number with invalid format
Merchant Phone: 123-11
66 Merchant Phone: insert phone number with / Merchant Phone: 123/123/1233
67 Merchant Phone: insert phone number in bracket () Merchant Phone: (123)-123-1234
68 Merchant Phone: insert phone number with dot (.)
Merchant Phone: 123.123.1234
69 Merchant Address1- Keep this field blank and click on
Submit button
70 Merchant Address1- Insert single character in the field. Merchant Address: d
71 Merchant Address1- Insert 3 character in the field. Merchant Address: ad1
72 Merchant Address1- Insert (7Character data) alphanumeric data in the field
Merchant Address: addr123
73 Merchant Address1- Insert address with special characters
Merchant Address: west2/3A, at@ place.near Art#33
74 Merchant Address1- Insert address with 100 characters
long data
75 Merchant Address1- Insert address with 255 characters
long data
76 Merchant City1- Keep this field blank and click on
Submit button
77 Merchant City1- Insert single character in the field. Merchant City: W
78 Merchant City1- Insert 2 characters in the field. Merchant City: Ad
79 Merchant City1- Insert 8 characters in the field. Merchant City: Kolkatta
80 Merchant City1- Insert 25 characters in the field. Merchant City-KolkattaKolkattaKolkattaa
81 Merchant City1- Try to insert 26 characters in the field. Merchant City-KolkattaKolkattaKolkattaarr
82 Merchant City1-Try to insert alphanumeric data Merchant City: Kolkatta24
83 Merchant City1- Insert city with the space Merchant City: New West Zone
84 Merchant State1- Keep this field blank and click on
Submit button
85 Merchant State1- Click to'Please Select' option in drop
down
86 Merchant State1- Select any one state from drop down by scrolling a list.
CONNECTICUT
87 Merchant State1- Select any one state from drop down by scrolling a list.
WASHINGTON, DC
88 Merchant State1- Select any one state from drop down
by scrolling a list. And click to Reset button
89 Merchant Zipcode1-Keep this field blank and click on
Submit button
90 Merchant Zipcode1-Insert single digit Zipcode-1
91 Merchant Zipcode1-Insert 5 digit Zipcode-19856
92 Merchant Zipcode1-Insert 7 digit Zipcode-1985644
93 Merchant Zipcode1-Try to insert more than max. length
94 Merchant Email: try to copy and paste text from other
application
95 Industry Selection- Keep this field blank and click on
Submit button
96 Industry Selection- Click to'Please Select' option in drop
down
97 Merchant State1- Select any one industry from drop down by scrolling a list.
Restaurant
98 Merchant State1- Select any one industry from drop down by scrolling a list.
Telecommunication, Celluar & Wireless
99 Merchant State1- Select any one industry from drop
down by scrolling a list. And click to Reset button.
100 Fill up all required data in the merchant details form
Click to submit button
101 Check availability of Skip, Submit and Reset button
102 Insert owners first name, last name, owner email and
phone
Click to Submit
Module: Create New Merchant (Session Expiration)
103 Login with valid username and password
Do not work on New Merchant
Keep the system idle for an hour
Username: mg_staff_1
Pwd: 123456
104 Login with valid username and password
Do not logout of the application and turn off the
computer
105 First, access 'New Merchant' page from one system
and try to access the same page for the same user account from a
different computer.
Module: Create New Merchant (cookies)
106 Login with valid login details to Staff panel and New Merchant
Go to Tools->Options->Privacy tab-> Remove individual
cookie link
Username: mg_staff_1
Pwd: 123456
107 Remove the file
Again login to the application using username and
password
108 Login with valid login details to Staff panel and 'New
Merchant' tab
click on some tabs and links available on the site
(do not sign out)
Go to Tools->Options->Privacy tab-> Remove individual
cookie link
Delete ci_session cookie
Click again on some tabs and links
109 Insert username and password and click login button
click on some tabs and links available on the site
Go to Tools->Options->Privacy tab-> select Use custom
settings for history option from the drop down
Click show cookies button
110 Check the path of the stored cookies
111 Try to copy paste the cookie folder at any location
112 Try to drag the folder at some location
113 In FF browser- Check by default setting:
Go to Tools-Privacy Option-Security- Check 'Remember
Password for the Site'
Insert username and password, click login
Test Data: Username: mg_staff_1, Pwd: 123456
114 Login with merchant email address and password
Click on Login
When FF asks to Remember, Never for this site, Not Now
option.
Click on 'Remember' option
Test Data: Username: mg_staff_1, Pwd: 123456
115 Login with username and password
Click on Login
When FF asks to Remember, Never for this site, Not Now
option.
Click on 'Never for this site' option
Test Data: Username: mg_staff_1, Pwd: 123456
116 When by default 'Remember password for site is
checked in Security setting of the browser.
Go to: Tools-Options-Security- Click on 'Saved Password'
button.
117 Go to: Tools-Options-Security- Click on Saved Password
button.
From Saved Password- click on 'Show Password' option
from bottom
118 Go to: Tools-Options-Security- Click on Saved Password
button.
From Saved Password- click on 'Remove Password'
option from bottom
119 Check the login and logout time using cookies
Created By :- Pallavi
Reviewed By :- Dan
Modified By :-
Expected Result Actual Result
Verify that-
Staff login page should be open.
Verify that-
Staff user should be logged in to the account successfully.
And page should redirects to 'http://mg-india-
s01/egift_testing/staff/merchants' this URL. By default
New Merchant page should be shown
Verify that-
1) Message should be displayed as-"404 Page Not Found
The page you requested was not found on this server."
2)Also there should say in the browser tab as -' 404 Not
Found'
3) Also the site's logo or footer should not be displayed
there. The page should be blank and show only the error
message.
Verify that:
New Merchant page should be displayed to the user.
Verify that:
Staff login page should be displayed to the user.
Verify that:
Merchant login page should be displayed to the user.
Verify that-
When the user clicks the Go Back option, the staff login page
should be displayed.
And when the user clicks the Go Forward option, the New Merchant page should
be displayed.
Verify that-
A warning message should be displayed by the system as
"Please fill in Merchant Details first."
User cannot go to Ownership Details page unless and until
the user fills in merchant details.
Verify that-
A warning message should be displayed by the system as
"Please fill in Merchant Details and Ownership Details
first."
User cannot go to Management Details page unless and
until the user fills in merchant details and ownership details.
Verify that-
Error page should be displayed with the message "404
Page Not Found
The page you requested was not found on this server."
Verify that:
New Merchant page should be displayed and no action
should be taken.
Verify that:
New Merchant page should be displayed and no action
should be taken.
Verify that following error should be displayed:
Disallowed Key Characters.??
(Page should display 404 Not found Error here )
Verify that-
Error page should be displayed with the message "404
Page Not Found
The page you requested was not found on this server."
Verify that-
Error page should be displayed with the message "404
Page Not Found
The page you requested was not found on this server."
Actual Result: Showing error:
Fatal error: Call to undefined function base_url() in
C:\Shares\Web\egift_testing\system\application\views\header.php on line 13
Verify that following error should be displayed:
Disallowed Key Characters./staff/merchants!
(Page should display 404 Not found Error here )
Verify that following error should be displayed:
Disallowed Key Characters./staff/merchants$
(Page should display 404 Not found Error here )
Verify that-
Error page should be displayed with the message "404
Page Not Found
The page you requested was not found on this server."
Verify that following error should be displayed:
Disallowed Key Characters./staff/merchants
(Page should display 404 Not found Error here )
Verify that:
New Merchant page should be displayed and no action
should be taken.
Verify that following error message should be displayed
Bad request!
Your browser (or proxy) sent a request that this server
could not understand.
If you think this is a server error, please contact the
webmaster.
Error 400
mg-india-s01
2/24/2011 4:07:20 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o
PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1
Verify that:
New Merchant page should be displayed and no action
should be taken.
Verify that following error message should be displayed
Object not found!
The requested URL was not found on this server. If you
entered the URL manually please check your spelling and
try again.
If you think this is a server error, please contact the
webmaster.
Error 404
mg-india-s01
3/1/2011 5:48:03 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o
PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1
Verify that-
Error page should be displayed with the message "404
Page Not Found
The page you requested was not found on this server."
Verify that user gets access to the site
Verify that user can manage their account details.
Verify that user gets access to the site
Verify that user can purchase eGift cards at 3:00 am, can
do any activity for their account.
Verify that user should get a message via email that for the
said date and time system will go down for maintenance
Verify that- user should not be able to access the
application other than time period of 3PM-6PM.
Verify that- user should be able to access the application in
defined time period of 3PM-6PM.
'Required' label should be available for the required fields-
Merchant Account Number, Merchant Name,Merchant
Email, Merchant Website, Merchant Phone, Merchant
Address1, Merchant City1, Merchant State1, Merchant
Zipcode1 and Industry Selection. (Merchant
Address2,Merchant City2,Merchant State2, Merchant
Zipcode2 -These should be optional fields.)
Submit button: should be available to submit the form and
Reset button should be available to reset the field setting.
Verify that- an error message for every required field should
be displayed here. All messages need to be in the correct
sequence according to the field sequence.
Merchant Details form should not be submitted here.
Reset button should work and all field data should
be cleared out.
Verify that-
Error message should be displayed as 'Enter Correct
Account Number in Numeric Format. Account Number
should be 1-14 digits.' on the same page.
Verify that-
Account number should accept min.1-max14 digit of
account number only.
Verify that-
Account number should accept min.1-max.14 digit of
account number only.
Verify that-
There should be a restriction on adding a 15th digit; the user should not be
allowed to enter more than the defined max. length.
Verify that- It should not accept characters.
Verify that- It should not accept spaces either.
Verify that- It should not accept special characters.
Verify that- data should be pasted and shown in that
textbox. Account no. should be accepted.
Verify that- data should be pasted and shown in that
textbox.
But the field should not accept this data and the error message
"Enter Correct Account Number in Numeric Format."
should be displayed.
Verify that-
Error message should be displayed as 'Enter Merchant
Name.' on the same page.
Verify that- Name should be accepted. Field should accept
the min.1 and max.32 length of data.
No error message should be displayed for this field.
Verify that- Space should be allowed. Name should be
accepted with the space. Field should accept the min.1
and max.32 length of data.
No error message should be displayed for this field.
Verify that- Name should accept alphanumeric data.
Field should accept the min.1 and max.32 length of data.
No error message should be displayed for this field.
Verify that- Merchant name should allow special
characters. Error message should not be displayed.
Verify that- data should be pasted and shown in that
textbox.
No error message should be displayed for this field.
Verify that- Name should be accepted .No error message
should be displayed for this field.
Verify that-
Error message should be displayed as 'Enter Correct Email
Address of Merchant.' on the same page.
Verify that- valid email address should be accepted and no
error message should be displayed for this field.
Verify that- valid email address should be accepted and no
error message should be displayed for this field.
Verify that- 'Enter Correct Email Address of Merchant.'
error message should be displayed for invalid email
address.
Verify that- 'Enter Correct Email Address of Merchant.'
error message should be displayed for invalid email
address.
Verify that- 'Enter Correct Email Address of Merchant.'
error message should be displayed for invalid email
address.
Verify that- 'Enter Correct Email Address of Merchant.'
error message should be displayed for invalid email
address.
Verify that- data should be pasted and shown in that
textbox.
No error message should be displayed for this field.
Verify that-
Error message should be displayed as 'Please enter valid
website address (e.g. http://www.example.com)' on the
same page.
Verify that- data should be pasted and shown in that
textbox.
No error message should be displayed for this field.
Verify that- No error message should be displayed when
a valid URL is entered.
Verify that- No error message should be displayed when
a valid URL is entered.
Verify that-
Error message should be displayed as 'Please enter valid
website address (e.g.http://www.example.com)'
on the same page.
Verify that- No error message should be displayed when
a valid URL is entered.
Verify that-
Error message should be displayed as 'Phone number is
required. Format is 111-111-1111.' on the same page.
Verify that- valid phone number should be accepted and
no error message should be displayed for this field.
Verify that-
Error message should be displayed as 'Phone number is
required. Format is 111-111-1111.' on the same page.
Verify that- '/' should not be accepted in phone number.
Verify that- Bracket '()' should not be accepted in phone
number.
Verify that- Dot (.) should not be accepted in phone number.
Verify that-
Error message should be displayed as 'Merchant Address1
is required. Minimum 7 characters required.' on the same
page.
Verify that-
Error message should be displayed as 'PMerchant
Address1 is required. Minimum 7 characters required.' on
the same page. Min.7 characters should be allowed.
Verify that-
Error message should be displayed as 'Merchant Address1
is required. Minimum 7 characters required.' on the same
page. Min.7 characters should be allowed.
Verify that- address should be added and no error message
should be displayed for this field.
Verify that- address should be added and no error message
should be displayed for this field.
Verify that- address should be added and no error message
should be displayed for this field.
Verify that- address should be added and no error message
should be displayed for this field.
Verify that-
Error message should be displayed as 'Merchant City 1 is
required. Minimum 2 characters are required.' on the
same page.
Verify that-
Error message should be displayed as 'Merchant City 1 is
required. Minimum 2 characters are required.' on the
same page.
Field should accept min.2 and max.25 length of data.
Verify that- Merchant city should be added and no error
message should be displayed.
Verify that- Merchant city should be added and no error
message should be displayed.
Verify that- Merchant city should be added and no error
message should be displayed. Max.25 character length
should be accepted.
Verify that- Application should check for Max.25
character length and should not allow more
than 25 characters of data.
Verify that- Alphanumeric data should not be accepted by
the application.
Verify that- Field should allow for space. No error
message should be displayed.
Verify that-
Error message should be displayed as 'Please select
merchant state 1.' on the same page.
By default no state should be selected.
Verify that- States should be shown in the list. The list of
states should be in alphabetical order.
All state names should be in CAPS letters.
Verify that user should select only one state.
Verify that- Selected state should be displayed in the box.
No error message should be displayed for this field.
Verify that- Selected state should be displayed in the box.
No error message should be displayed for this field.
Verify that- Field should be reset out when clicked to
Reset button.
Verify that-
Error message should be displayed as 'Merchant Zipcode 1
is required and should have 5 characters only.' on the
same page.
Verify that-
Error message should be displayed as 'Merchant Zipcode 1
is required and should have 5 characters only.' on the
same page.
Should check for Min.5
Verify that- zipcode should accept fixed 5digit zipcode and
no error should be displayed.
Verify that- zipcode should accept max. 7digit zipcode and
no error should be displayed.
Verify that- No extra data should be added beyond the
max. length 7.
Verify that- data should be pasted and shown in that
textbox.
But characters should not be added in the zipcode when
pasted.
Error message should be displayed for this field.
Verify that-
Error message should be displayed as 'Please select
industry.' on the same page.
By default no industry should be selected.
Verify that- Industries should be shown in the list. The list
of industries should be in alphabetical order.
Verify that user should select only one industry.
Verify that- Selected industry should be displayed in the
box. No error message should be displayed for this field.
Verify that- Selected industry should be displayed in the
box. No error message should be displayed for this field.
Verify that- Field should be reset out when clicked to
Reset button.
Verify that 'Ownership Details' page should be displayed
when submitted the form.
Ownership details should have the fields of Owner's First
Name,Owner's Last Name, Owner's Email and Owner's
Phone
Verify that-
1)Ownership details form should be skipped when clicked
to Skip button and user should redirects to 'Management
Details' page
2)Error message should be displayed when clicked to
submit button
3)Reset button should be available to reset the field
setting.
Verify that Management details form should be displayed
when submitted the form.
Verify that when the system is untouched for an hour,
some session expiration message should be displayed
'For security reason the session time out'
Verify that session should automatically expire after some
time. User should get logged out from the account
automatically.
Verify that user should get access to their account
Verify that previous session should automatically get
killed.
Verify that a session file named ci_session should be
available
Verify that Name, content, Domain, Path, Send for and
expires details should be available
Verify that a new cookie file should be created with
refreshed details.
Verify that user should not get access to any of the tabs
and verify that staff login page should be displayed.
Verify that user should not have a access to edit the
cookies, only user can remove cookies.
Verify that for every link different folder should be created
Verify that all the cookies should get stored under this
folder
Verify that user should not have access to copy paste the
folder at any location
Verify that user should not get access to drag and drop the
cookie files or folder
Verify that- there should display a message by the browser
while login as -'Do you want Firefox to remember the
password for "mg_staff_1" on http://mg-india-s01?'
Verify that- Password should remember for the merchant
login link.
It should be verified that when the user logs in again to the
account with the same details, the password field should fill
up data (encrypted password) automatically and log in
successfully.
Verify that- when user tries to login to the account next time
the password field should be blank. Password will not be
saved in the browser.
Verify that- a new pop up window 'Saved Password' gets
displayed where the list of Site and Username should be
displayed.
http://mg-india-s01/egift_design/login/merchant
shree@mediaglintindia.com
Verify that-
System should display password for that particular user.
Verify that-
System should remove saved password.
Cross verify this by logging in again to the merchant account
and checking the security setting of the browser for Saved
password. No saved password should be there.
Verify that whatever pages user have searched on the site
should get saved for future interaction
QA Environment
Iteration No. 1 Iteration No.2
Executed By Execution Executed Execution
Date By Date
Build No. 1/14/2011 Build No.
Actual Result Status Remarks Actual Result Status
Remarks
Test Case Template (Security Testing)
Project Name :-eGift
Start Date :- Total Test Cases
End Date :- Test Case Type: Security Testing
Tested on: Mozilla Browser
URL used: http://www.mgstaging.com/egift-215/pacifica/purchase
Sr.No. Action / Steps to Execute Test Data
Module:Login (Availability)
Verify that the site is available 24x7
1 Invoke the site at 6:00 am Click
Purchase an eGift card
2 Invoke the site at 3.00 am click
3 For maintenance
Module:Sales Page (Session Expiration)
4 Invoke the URL
Click Purchase an eGift card button
Keep the system idle for an hour
Test Data: http://www.mgstaging.com/egift-215/pacifica/purchase
5 Invoke the URL
Click Purchase an eGift card button
Keep the system idle for an hour
6 Invoke the URL
Click Purchase an eGift card button
and turn off the computer
7 Try to access the purchase link from
different computer
Module:Sales Page (cookies)
8 Invoke the URL
Click Purchase an eGift card
Go to Tools->Options->Privacy tab->
Remove individual cookie link
Test Data: http://www.mgstaging.com/egift-215/pacifica/purchase
9 Remove the file
Again Invoke the URL
10 Invoke URL
Click Purchase an eGift card
Go to Tools->Options->Privacy tab->
Remove individual cookie link
Delete ci_session cookie
Click again on some tabs and links
11 Insert username and password and
click login button
click on some tabs and links available
on the site
Go to Tools->Options->Privacy tab->
select Use custom settings for history
option from the drop down
Click show cookies button
12 Check the path of the stored cookies
13 Try to copy paste the cookie folder at
any location
14 Try to drag the folder at some location
15 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
16 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
17 Check the contents of the cookie files
18 Check the login and logout time using
cookies
19 Insert Username, password click login
Select Card design and click publish
20 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the status of cookie ci_session
21 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie
ci_session
22 Try to copy the content and paste it in
the browser
23 Try to copy the content and paste it in
the notepad
24 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie -utma
25 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie -utma
Test Data: Format of -utma cookie: __utma=.....
Actual content of the cookie:
158991910.188076798.1299302861.1299302861.1299468379.2
26 Open the Mozilla firefox browser
Launch the mechant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Delete the cookie -utma
27 Again visit the same site and access
the cookie settings
28 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie -utma
29 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie -utmb
30 Close the URL
Log In again
Check the -utmb contents and expiry
message
31 Invoke the URL
Do not close the application
Delete the -utmb cookie from the
cookie list
32 Go to Tools->Options->Privacy tab
33 Open the Mozilla firefox browser
Launch the merchant panel link
Go to Tools->Options->Privacy tab
Check the default settings
Check the contents of cookie -utmc
34 Close the URL
Log In again
Check the -utmb contents and expiry
message
35 Invoke the URL
Do not close the application
Delete the -utmb cookie from the
cookie list
36 Go to Tools->Options->Privacy tab
Module:Sales Page (Validations)
Invoke the URL
Click Purchase an eGift card button
Check the validation for Sender name
text box
Invoke the URL
Click Purchase an eGift card button
Check the validation for Email Address
text box
Invoke the URL
Click Purchase an eGift card button
Check the validation for Confirm Email
Address text box
Invoke the URL
Click Purchase an eGift card button
Check the validation for Mobile number
text box
Recipient's information
Invoke the URL
Click Purchase an eGift card button
Check the validation for receivers name
text box
Invoke the URL
Click Purchase an eGift card button
Check the validation for Email Address
text box
Invoke the URL
Click Purchase an eGift card button
Check the validation for Email Address
text box
Invoke the URL
Click Purchase an eGift card button
Check the validation for Mobile number
text box
Chec
Created By :- Swati
Reviewed By :- Dan
Modified By :- QA Environment
Expected Result Actual Result Executed By
Build No.
Actual Result
Verify that user gets access to this site 24x7
Verify that user can purchase eGift cards at 6:00
am
Verify that user gets access to the site
Verify that user can purchase eGift cards at 3:00
am
Verify that user should get a message via email
that for the said date and time system will go
down for maintenance
Verify that when the system is untouched for an
hour, some session expiration message should
be displayed
'For security reason the session time out'
Verify that when the user doesn't access their
account for an hour, some session expiration
message should be displayed
'For security reason the session time out'
Verify that session should automatically expire
after some time
Verify that user should get access to their
account
Verify that previous session should
automatically get killed
Verify that a session file named ci_session
should be available
Verify that Name, content, Domain, Path, Send
for and expires details should be available
Verify that a new cookie file should be created
with refreshed details
Verify that whenever user clicks on any button or
tabs; cookie gets created for every click
Verify that user should not have access to edit
the cookies
User has only access to remove the cookies (I
am not sure…I guess user should not have
access to remove cookies)
Verify that for every link different folder should
be created
Verify that all the cookies should get stored
under this folder
Verify that user should not have access to copy
paste the folder at any location
Verify that user should not get access to drag
and drop the cookie files or folder
Verify that the Remember history,
Never remember history and Use custom
settings for history options should be available
Verify that Remember history should be
selected by default
Verify that user should have access to clear his
entire history or can create a particular cookie
Verify that contents should carry a valid data of
the logged user
Verify that whatever pages user have searched
on the site should get saved for future
interaction
Verify that cookie should get created for this
option and this cookie should gets saved for
future interaction
Verify that cookies should be marked as
HTTPOnly
HTTPOnly cookies cannot be read by client-side
scripts, therefore marking a cookie as
HTTPOnly can provide an additional layer of
protection against Cross-site
Scripting attacks.
Verify that contents of the cookie should be
encrypted
Verify that user should not have access to copy
paste the contents of the cookies
Verify that user should not have access to copy
paste the contents of the cookies
Verify that this cookie indicates the number of
times user visits
Verify that only digits should be there
Verify that the last digit indicates the number of
visits
Verify that user can easily get idea by referring
these digits
Verify that the user gets unique id of the visitor
from this string
Verify that the content should be encrypted
Verify that cookie gets deleted
Verify that updated cookie gets created
Verify that the visit count should be 1 this time
Verify that computer will consider the current
user as a new visitor
Verify that by accessing this cookie, malicious
user can get access of Days and purchase history
of the logged in user
Verify that __utmb takes a timestamp of the
exact moment in time when a visitor enters a
site
Verify that expiry details of -utmb site should
look like
Monday, March 07, 2011 9:26:19 AM
Verify that timestamp should get updated and
previous entry does not exist in the cookie list
Verify that the cookie gets deleted
Verify that new utmb cookie gets created with
the recent log in time details
Verify that __utmc takes a timestamp of the
exact moment in time when a visitor exits a site
Verify that expiry details of -utmc site should
look like
Monday, March 07, 2011 11:26:19 AM
Verify that timestamp should get updated and
previous entry does not exist in the cookie list
Verify that the cookie gets deleted
Verify that new utmb cookie gets created with
the recent log in time details
Verify that 25 characters should be accepted by
this text box
Verify that only alphabets and special characters
should be accepted by this text box
Verify that no numbers should be accepted by
this text box
Verify that only @ special character should be
accepted
Verify that no other special chars are allowed
Verify that alphanumeric characters should be
allowed
Verify that only @ special character should be
accepted
Verify that no other special chars are allowed
Verify that alphanumeric characters should be
allowed
Verify that the format should be
111-111-1111
Verify that only numbers and hyphen(-) should
be accepted
Verify that no other special chars are allowed
Verify that no alphabets are allowed
Verify that 25 characters should be accepted by
this text box
Verify that only alphabets and special characters
should be accepted by this text box
Verify that no numbers should be accepted by
this text box
Verify that only @ special character should be
accepted
Verify that no other special chars are allowed
Verify that alphanumeric characters should be
allowed
Verify that only @ special character should be
accepted
Verify that no other special chars are allowed
Verify that alphanumeric characters should be
allowed
Verify that the format should be
111-111-1111
Verify that only numbers and hyphen(-) should
be accepted
Verify that no other special chars are allowed
Verify that no alphabets are allowed
Execution Date Executed Execution
By Date
Build No.
Status Remarks Actual Result Status
Remarks
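The HTTPOnly, encrypted-content and -utma checks from the Sales Page (cookies) cases can also be scripted. The Python below is an added example, not part of the original test plan or the eGift code: the two Set-Cookie headers are constructed samples, the function names and the list of readable markers are hypothetical, and the six-field __utma layout (domain hash, visitor id, first / previous / current visit timestamps, visit count) is assumed from the legacy Google Analytics ga.js cookie. Only the __utma value itself comes from test case 25.

```python
from datetime import datetime, timezone
from urllib.parse import unquote

# __utma value recorded in test case 25 of this plan.
PAGE_UTMA = "158991910.188076798.1299302861.1299302861.1299468379.2"

# Constructed Set-Cookie headers (not captured from the eGift server).
WEAK_HEADER = ("ci_session=a%3A1%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A3%3A"
               "%22abc%22%3B%7D; path=/")
HARDENED_HEADER = "ci_session=Zm9vYmFyb3BhcXVl; path=/; HttpOnly"

# Assumption: key names that would be visible if the session cookie carried
# an unencrypted serialized session array.
READABLE_MARKERS = ("session_id", "user_agent", "ip_address", "last_activity")


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes such as HttpOnly have no value; store True.
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header, expected_name="ci_session", https=False):
    """Return the findings for the session cookie set by one header."""
    name, value, attrs = parse_set_cookie(header)
    if name != expected_name:
        return []  # not the cookie under test
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if https and "secure" not in attrs:
        findings.append("missing Secure")
    # "Contents should be encrypted": readable key names mean they are not.
    if any(marker in unquote(value) for marker in READABLE_MARKERS):
        findings.append("readable session data")
    return findings


def parse_utma(value):
    """Decode a __utma value into its six fields (assumed ga.js layout)."""
    fields = value.split(".")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("expected six dot-separated groups of digits")

    def as_utc(ts):
        return datetime.fromtimestamp(int(ts), tz=timezone.utc)

    return {
        "domain_hash": fields[0],
        "visitor_id": fields[1],          # the "unique id of the visitor"
        "first_visit": as_utc(fields[2]),
        "previous_visit": as_utc(fields[3]),
        "current_visit": as_utc(fields[4]),
        "visit_count": int(fields[5]),    # the last group is the visit count
    }


if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, audit_session_cookie(header) or "no findings")
    for key, val in parse_utma(PAGE_UTMA).items():
        print(f"{key:15} {val}")
```

The decoded current-visit timestamp is in UTC, so compare it with the browser's expiry display only after applying the tester's local time zone.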