Test Objectives for Passwords
One of the most common web UI elements on a website is the humble password field. Every website that requires authentication needs a way to enter the password, and there are a few different ways to collect it.
Most of the time password fields mask the characters entered. Similarly, there is commonly a minimum length requirement, but is that all? Are there any other similarities between common password fields, and most importantly, are there any common #TestObjectives that software testers can apply, especially in the context of Exploratory Testing or Session Based Testing?
So let's start with those two common requirements and see what #TestObjectives we can come up with.
| Group | Test Objective |
|---|---|
| valid | Password with zero length |
| valid | Password with 256 characters |
| valid | Password with 1025 characters |
| valid | Password with special characters: `!"#¤%&/()=^` |
| valid | Password with special characters: ASCII 9 (○), ASCII 23 (↨), ASCII 26 (→) |
| valid | Password with special meaning: `<script>alert(password);</script>` |
| valid | Password with special meaning: `<?php print_r($_SESSION);?>` |
| valid | Password with special meaning: `<% HttpContext.Current.Session["password"] %>` |
| valid | Password with special meaning: `';UPDATE users SET password = 'apple'; SELECT * FROM users WHERE '1' = '1` |
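The table above is a list of inputs; what turns it into a test is an expected outcome for each one. The following example, added here and not part of the original post, runs the table's objectives against a small password handler. The policy limits (minimum 8, maximum 1024 characters, control characters refused) and the PBKDF2 storage are assumptions chosen for the example, not something the post specifies. The point it demonstrates is that the "special meaning" strings (HTML, PHP, ASP.NET, SQL) are plain data to a password field: they must be accepted, hashed and verified like any other password and never interpreted or echoed back.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

# Policy limits are assumptions for this example; the post names no policy.
MIN_LEN = 8
MAX_LEN = 1024
PBKDF2_ROUNDS = 100_000


def validate_password(password: str) -> tuple:
    """Return (accepted, reason). Length is counted in code points.

    Every printable character is allowed: the table's "special meaning" strings
    are ordinary data to a password field and must not be rejected or
    interpreted. Only control characters (C0 codes such as ASCII 9, 23 and 26)
    are refused, which is a policy choice made for this example.
    """
    if not password:
        return False, "empty"
    if len(password) < MIN_LEN:
        return False, "too short"
    if len(password) > MAX_LEN:
        return False, "too long"
    if any(unicodedata.category(ch) == "Cc" for ch in password):
        return False, "control character"
    return True, "ok"


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; the raw password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of the recomputed digest against the stored one."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# The table's objectives as (name, constructed input, expected to be accepted).
# Expected outcomes follow the assumed policy above.
TEST_OBJECTIVES = [
    ("zero length", "", False),
    ("256 characters", "a" * 256, True),
    ("1025 characters", "a" * 1025, False),
    ("special characters", 'pw!"#¤%&/()=^', True),
    ("ASCII control characters 9, 23, 26", "pass\t\x17\x1aword", False),
    ("HTML/JS special meaning", "<script>alert(password);</script>", True),
    ("PHP special meaning", "<?php print_r($_SESSION);?>", True),
    ("ASP.NET special meaning", '<% HttpContext.Current.Session["password"] %>', True),
    ("SQL special meaning",
     "';UPDATE users SET password = 'apple'; SELECT * FROM users WHERE '1' = '1", True),
]


def check_objective(password: str, expect_accept: bool) -> bool:
    """An objective passes when the accept/reject decision matches and,
    for accepted passwords, the stored form round-trips, rejects a near
    miss, and does not contain the secret in the clear."""
    accepted, reason = validate_password(password)
    if accepted != expect_accept:
        return False
    if not accepted:
        # A rejection message must never echo the rejected value.
        return password == "" or password not in reason
    salt, digest = hash_password(password)
    stored = salt + digest
    return (
        verify_password(password, salt, digest)
        and not verify_password(password + "x", salt, digest)
        and password.encode("utf-8") not in stored
    )


def run_test_objectives() -> dict:
    """Map each objective name to True (behaves as expected) or False."""
    return {name: check_objective(pw, ok) for name, pw, ok in TEST_OBJECTIVES}


if __name__ == "__main__":
    for name, result in run_test_objectives().items():
        print(f"{'PASS' if result else 'FAIL'}  {name}")
```

The same table-driven shape works against a real registration endpoint: replace `validate_password` and `hash_password` with an HTTP call and a database lookup, and keep the three checks per row (decision, round-trip login, no plaintext in storage or in the error response).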
Hopefully that gives you an idea that even a password field that looks very simple can actually have multiple #TestObjectives to test.
So next time you see a password field, remember that there might be more to test for than you think.
Interested in reading more about possible Test Objectives for passwords?
To mitigate the risk of easily guessed passwords facilitating unauthorized access there are two solutions: introduce additional authentication controls (i.e. two-factor authentication) or introduce a strong password policy. The simplest and cheapest of these is the introduction of a strong password policy that ensures password length, complexity, reuse and aging.
It was really helpful. Thanks to the author!!