{"id":135,"date":"2015-03-06T20:41:13","date_gmt":"2015-03-06T20:41:13","guid":{"rendered":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/?p=135"},"modified":"2015-03-18T20:03:51","modified_gmt":"2015-03-18T20:03:51","slug":"for-passwords","status":"publish","type":"post","link":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/for-passwords\/","title":{"rendered":"Test Objectives for Passwords"},"content":{"rendered":"<h1>Test Objectives for Passwords<\/h1>\n<p>One of the most common web UI elements on website is humble Password field. Every website that requires authentication commonly needs a way to enter the password and there few different ways to collect it.<\/p>\n<p>Most of the time password fields do have a special masking to hide characters entered. Similarly there commonly is a minimum length requirement, but is that all. Are there any other similarities with the common password field, and most importantly are there any common <a title=\"#TestObjectives\" href=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/category\/testobjectives\/\">#TestObjectives<\/a>\u00a0that software testers, specially in the context of Exploratory Testing or Session Based Testing.<\/p>\n<p>&nbsp;<\/p>\n<p>So lets start with those two common requirements and see what <a title=\"#TestObjectives\" href=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/category\/testobjectives\/\">#TestObjectives<\/a>\u00a0we can come up with.<\/p>\n<table width=\"491\">\n<tbody>\n<tr>\n<td width=\"83\"><b>G<\/b><b>roup<\/b><\/td>\n<td width=\"408\"><b>Test Objective<\/b><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with zero length<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with 25<span style=\"color: #ff0000;\">6<\/span> characters<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with 102<span style=\"color: #ff0000;\">5<\/span> characters<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with special characters: <span style=\"color: #000080;\">!&#8221;#\u00a4%&amp;\/()=^<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with special\u00a0characters: <span style=\"color: #000080;\">ASCII 9 (\u25cb), ASCII 23 (\u21a8), ASCII 26 (\u2192)<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with special meaning:\u00a0<span style=\"color: #000080;\">&lt;script&gt;alert(password);&lt;\/script&gt;<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with special meaning:\u00a0<span style=\"color: #000080;\"><code><span class=\"pun\">&lt;?<\/span><span class=\"pln\">php <\/span><\/code><span class=\"pln\">print_r<\/span><span class=\"pun\">(<\/span><span class=\"pln\">$_SESSION<\/span><span class=\"pun\">);<\/span>?&gt;<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with special meaning:\u00a0<span style=\"color: #000080;\">&lt;%\u00a0<span class=\"typ\">HttpContext<\/span><span class=\"pun\">.<\/span><span class=\"typ\">Current<\/span><span class=\"pun\">.<\/span><span class=\"typ\">Session<\/span><span class=\"pun\">[<\/span><span class=\"str\">&#8220;password&#8221;<\/span><span class=\"pun\">]\u00a0%&gt;<\/span><\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">valid<\/td>\n<td width=\"408\">Password with special meaning:<br \/>\n<span style=\"color: #000080;\">&#8216;;UPDATE users SET password = &#8216;apple&#8217;;\u00a0<span class=\"kw1\">SELECT<\/span> <span class=\"sy0\">*<\/span> <span class=\"kw1\">FROM<\/span> users\u00a0<span class=\"kw1\">WHERE<\/span> <span class=\"st0\">&#8216;1&#8217;<\/span> <span class=\"sy0\">=<\/span> <span class=\"st0\">&#8216;1<\/span><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Hopefully that gives you an idea that even a\u00a0simple password field that looks very simple can actually have multiple <a title=\"#TestObjectives\" href=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/category\/testobjectives\/\">#TestObjectives<\/a>\u00a0that can be tested.<\/p>\n<p>So next time you see the password field remember that there might be more than you think to test for.<br \/>\n<a href=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-content\/uploads\/2015\/03\/password_field.jpg\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-143\" src=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-content\/uploads\/2015\/03\/password_field.jpg\" alt=\"Test objectives for password field\" width=\"400\" height=\"65\" srcset=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-content\/uploads\/2015\/03\/password_field.jpg 400w, http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-content\/uploads\/2015\/03\/password_field-300x49.jpg 300w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><\/a><\/p>\n<p>Interested to read more about possible Test Objectives for passwords?<\/p>\n<p><a href=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/ebook\"><img loading=\"lazy\" class=\"alignleft size-full wp-image-281\" src=\"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-content\/uploads\/2015\/03\/cmd_download_ebook.jpg\" alt=\"Download ebook\" width=\"280\" height=\"46\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tips for writing Exploratory testing and Session Based Testing TestObjectives for Password fields. #TestObjectives #SessionBasedTesting<\/p>\n","protected":false},"author":1,"featured_media":141,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[20,11,7,12,13,9],"_links":{"self":[{"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/posts\/135"}],"collection":[{"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":11,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"predecessor-version":[{"id":283,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/posts\/135\/revisions\/283"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/media\/141"}],"wp:attachment":[{"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mytipsfor.com\/writing\/testobjectives\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}