Test Objectives for Passwords


One of the most common web UI elements on a website is the humble password field. Every website that requires authentication needs a way to enter the password, and there are a few different ways to collect it.

Most of the time, password fields have special masking to hide the characters entered. Similarly, there is commonly a minimum length requirement, but is that all? Are there any other similarities among common password fields and, most importantly, are there any common #TestObjectives that software testers can use, especially in the context of Exploratory Testing or Session Based Testing?

So let's start with those two common requirements and see what #TestObjectives we can come up with.

| Group | Test Objective |
|-------|----------------|
| valid | Password with zero length |
| valid | Password with 256 characters |
| valid | Password with 1025 characters |
| valid | Password with special characters: `!"#¤%&/()=^` |
| valid | Password with special characters: ASCII 9 (○), ASCII 23 (↨), ASCII 26 (→) |
| valid | Password with special meaning: `<script>alert(password);</script>` |
| valid | Password with special meaning: `<?php print_r($_SESSION);?>` |
| valid | Password with special meaning: `<% HttpContext.Current.Session["password"] %>` |
| valid | Password with special meaning: `';UPDATE users SET password = 'apple'; SELECT * FROM users WHERE '1' = '1` |

Hopefully that gives you an idea that even a password field that looks very simple can actually have multiple #TestObjectives to test.

So next time you see a password field, remember that there might be more to test than you think.
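
The objectives in the table can be turned into an automated check of the code behind the field. The following is an added example, not part of the original post: it feeds constructed versions of the table's inputs to a small registration and login routine and confirms each one is either rejected by policy or stored and verified as opaque data. The length limits (8 to 1024), the table schema and the function names are assumptions made for the example.

```python
import hashlib, hmac, os, sqlite3

MIN_LEN, MAX_LEN = 8, 1024  # assumed policy, not stated in the article

# Constructed inputs modelled on the article's test objectives.
CASES = {
    "zero length": "",
    "256 characters": "a" * 256,
    "1025 characters": "a" * 1025,
    "special characters": '!"#¤%&/()=^',
    "control characters": "pw\x09\x17\x1a-pad",  # ASCII 9, 23, 26
    "script tag": "<script>alert(password);</script>",
    "php tag": "<?php print_r($_SESSION);?>",
    "asp tag": '<% HttpContext.Current.Session["password"] %>',
    "sql": "';UPDATE users SET password = 'apple'; "
           "SELECT * FROM users WHERE '1' = '1",
}

def _hash(password, salt):
    # Hashing makes the stored value independent of the password's content.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)

def register(db, user, password):
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return False  # rejected by the length policy, nothing stored
    salt = os.urandom(16)
    # Bound parameters: the password never becomes part of the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (user, salt, _hash(password, salt)))
    return True

def login(db, user, password):
    row = db.execute("SELECT salt, hash FROM users WHERE name = ?",
                     (user,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def run_cases():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    register(db, "canary", "correct horse battery")
    results = {}
    for i, (label, pw) in enumerate(CASES.items()):
        results[label] = (register(db, f"u{i}", pw), login(db, f"u{i}", pw))
    # The canary account must be untouched by any of the inputs above.
    canary_ok = (login(db, "canary", "correct horse battery")
                 and not login(db, "canary", "apple"))
    rows = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return results, canary_ok, rows

if __name__ == "__main__":
    print(run_cases())
```

Each result is a pair (accepted at registration, login succeeds with the same input); a mismatch between the two, or a changed canary account, marks an objective worth investigating in an exploratory session.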

1 Comment

  1. VADDI SANDEEP

    To mitigate the risk of easily guessed passwords facilitating unauthorized access there are two solutions: introduce additional authentication controls (i.e. two-factor authentication) or introduce a strong password policy. The simplest and cheapest of these is the introduction of a strong password policy that ensures password length, complexity, reuse and aging.
