Security Testing Test Cases-Part 1

INTRO TO SECURITY TESTING

Security testing is an important aspect of software testing focused on identifying and addressing security vulnerabilities in a software application. It aims to ensure that the software is secure from malicious attacks, unauthorized access, and data breaches.

Security testing involves verifying the software’s compliance with security standards, evaluating the security features and mechanisms, and conducting penetration tests to identify weaknesses and vulnerabilities that might be exploited by malicious actors.

The goal of security testing is to identify security risks and offer recommendations for remediation to improve the overall security of the software application. Testers simulate attacks to check existing security mechanisms and look for new vulnerabilities.

SECURITY TESTING - COMMON TEST CASES

TC ID | FEATURE | TEST CASES/STEPS | EXP RESULT

TC_SECURITY_1 | APPLICATION FLOODING

Objective: To ensure that the app functions as expected when subjected to large volumes of requests, transactions, spam, and/or network traffic

Pre-req:
1. Latest app is installed on the test device
2. WiFi/3G is turned ON on the test device

Tools to use: Request Loader

Test Steps:
1. Tap to launch the app
2. Login with valid credentials
3. Inject large volumes of requests, transactions or network traffic into the app using the tool ‘Request Loader’
4. Observe the app behavior

Expected Result: The app behavior and functionality remain normal, as expected
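One server-side control that decides whether an app keeps behaving normally under the flood described in TC_SECURITY_1 is a per-client token bucket: a burst is accepted, sustained excess is refused, and other clients are unaffected. The following is an added example, not code from the original post or from the ‘Request Loader’ tool; the bucket size, refill rate, client names and timestamps are assumptions constructed for illustration.

```python
# Added example (not from the original post): a per-client token-bucket
# limiter, the kind of server-side control TC_SECURITY_1 exercises by
# flooding the app with requests. Capacity, refill rate and the sample
# traffic below are assumptions.
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    capacity: int            # burst size a client may send at once
    refill_per_sec: float    # sustained rate allowed afterwards
    tokens: float = field(init=False)
    last: float = field(init=False)

    def __post_init__(self):
        self.tokens = float(self.capacity)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        """Return True if a request arriving at time `now` (seconds) may proceed."""
        elapsed = max(0.0, now - self.last)
        self.last = now
        # Refill proportionally to elapsed time, never beyond the burst capacity.
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client key (user id, API token or source IP)."""

    def __init__(self, capacity: int = 5, refill_per_sec: float = 1.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def check(self, client: str, now: float) -> bool:
        bucket = self.buckets.setdefault(
            client, TokenBucket(self.capacity, self.refill_per_sec))
        return bucket.allow(now)


def replay(requests, capacity=5, refill_per_sec=1.0):
    """Replay (client, timestamp) pairs and return one decision per request.

    "allow" means the request is served; "deny" is what a real service
    turns into HTTP 429 plus a log line for the SOC."""
    limiter = RateLimiter(capacity, refill_per_sec)
    return ["allow" if limiter.check(c, t) else "deny" for c, t in requests]


# Constructed sample: 8 requests from one client inside 80 ms, the same
# client again 3 s later, and one request from a second, well-behaved client.
FLOOD = [("client-A", i * 0.01) for i in range(8)] + [("client-A", 3.1), ("client-B", 0.05)]

if __name__ == "__main__":
    for (client, t), decision in zip(FLOOD, replay(FLOOD)):
        print(f"{t:5.2f}s {client}: {decision}")
```

With a capacity of 5 and a refill of one token per second, the first five requests of the burst are served, the next three are refused, the request three seconds later is served again because the bucket has refilled, and client-B is never affected. The point the test case checks is the first line of that list: the app stays functional for everyone else while the flood is being shed.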

TC_SECURITY_2 | APPLICATION WORKFLOW

Objective: To ensure the app restricts the user when the sequence of actions followed are against the workflow defined

Pre-req:
1. Latest app is installed on the test device
2. WiFi/3G is turned ON on the test device

Test Steps:
1. Tap to launch the app
2. Login with valid credentials
3. Access a particular functionality or screen directly, by skipping/avoiding the actual sequential work flow defined
4. Observe the app behavior

Expected Result: The app must not allow the user to skip or avoid the defined workflow
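TC_SECURITY_2 passes only if the sequence is enforced on the server from state the client cannot edit; hiding a button in the UI is not enough, because step 3 of the test is exactly a request that bypasses the UI. Below is an added example of such enforcement, not code from the original post; the step names and the session layout are assumptions.

```python
# Added example (not from the original post): server-side enforcement of a
# fixed workflow, the control TC_SECURITY_2 checks by requesting a later
# screen directly. Step names and session structure are assumptions.
WORKFLOW = ["cart", "shipping", "payment", "confirm"]  # assumed step order


class WorkflowViolation(Exception):
    """Raised when a step is requested before its predecessors are complete."""


def advance(session: dict, requested_step: str) -> dict:
    """Accept `requested_step` only if the client has completed every step
    before it, or is returning to a step it already completed; otherwise
    refuse and leave the progress record unchanged.

    `session` is server-held state looked up by session id; the client
    never supplies it, so a crafted request cannot claim progress it lacks."""
    if requested_step not in WORKFLOW:
        raise WorkflowViolation(f"unknown step {requested_step!r}")
    completed = session.setdefault("completed", [])
    if requested_step in completed:
        return session  # going back to an earlier screen is allowed
    expected = WORKFLOW[len(completed)]
    if requested_step != expected:
        # Record the attempt: out-of-order navigation is worth alerting on.
        session.setdefault("violations", []).append(requested_step)
        raise WorkflowViolation(
            f"{requested_step!r} requested before {expected!r} was completed")
    completed.append(requested_step)
    return session


def run(sequence):
    """Drive a fresh session through a list of step requests and return
    the per-request outcomes alongside the final session state."""
    session = {}
    outcomes = []
    for step in sequence:
        try:
            advance(session, step)
            outcomes.append(f"ok:{step}")
        except WorkflowViolation:
            outcomes.append(f"blocked:{step}")
    return outcomes, session


if __name__ == "__main__":
    # Constructed sequences: one honest walk-through, one direct jump to payment.
    for seq in (["cart", "shipping", "payment", "confirm"], ["cart", "payment"]):
        outcomes, session = run(seq)
        print(outcomes, "violations:", session.get("violations", []))
```

Because `completed` lives in the server session and is only appended by `advance`, a client that calls the payment endpoint straight after `cart` is refused, and the refusal is recorded where a detection rule can pick it up.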

TC_SECURITY_3 | DEFAULT ACCOUNTS

Objective: To ensure the default account names and passwords are already reserved & made unavailable to outsider(s)

Pre-req:
1. Latest app (PROD BUILD) is installed on the test device
2. WiFi/3G is turned ON on the test device

Test Data:

UN: admin or administrator
PWD: adminuser

UN: testuser123
PWD: testuser@123

Test Steps for REGISTER/NEW ACCOUNT/SIGN UP:

1. Tap to launch the app (PROD build)
2. Create a new user account using the above test data or commonly used test data
3. Verify if the user is able to create a new account using the above test data on PROD build

Test Steps for EXISTING ACCOUNT:

1. Tap to launch the app (PROD build)
2. Login to the app using the above test data or commonly used test data
3. Tap on Login button
4. Observe the app behavior

Expected Result:

1. End user should not be able to register an account with the specified test data

2. End user should not be able to login with the specified test data

TC_SECURITY_4 | PASSWORD STRENGTH

Objective: To validate the values of password strength meter displayed during Sign Up of a new user

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device

Test Steps:
1. Tap to launch the app
2. Tap on ‘Sign Up’
3. Input all the required fields
4. Start entering/editing/modifying/adding a password in the ‘Password’ textbox
5. Validate the password strength meter values displayed

Expected Result:

1. The following values have to be displayed by the password strength meter, depending on the number and type of characters entered by the user:

(i) Too short
(ii) Weak
(iii) Fair
(iv) Good
(v) Strong

2. The app also has to instruct/recommend the user as follows:

To make your password stronger, consider:

(i) Adding an uppercase character
(ii) Adding a lowercase character
(iii) Adding a number
(iv) Adding a special character
(v) Making it at least 8 characters

TC_SECURITY_5 | PASSWORD STRENGTH

Objective: To validate the values of password strength meter displayed during ‘Change Password’ process

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device

Test Steps:
1. Tap to launch the app and login to the app with valid UN/PWD
2. Tap on ‘Change Password’
3. Enter the correct password in the ‘Old Password’ text box
4. Start entering/editing/modifying/adding the new password in the ‘New Password’ text box
5. Validate the password strength meter values displayed

Expected Result:

1. The following values have to be displayed by the password strength meter, depending on the number and type of characters entered by the user:

(i) Too short
(ii) Weak
(iii) Fair
(iv) Good
(v) Strong

2. The app also has to instruct/recommend the user as follows:

To make your password stronger, consider:

(i) Adding an uppercase character
(ii) Adding a lowercase character
(iii) Adding a number
(iv) Adding a special character
(v) Making it at least 8 characters

TC_SECURITY_6 | PASSWORD STRENGTH

Objective: To validate the values of password strength meter displayed during ‘Forgot Password’ process

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device
3. Valid user account is created with <Email Address> and <Password>

Test Steps:
1. Tap to launch the app
2. Tap on ‘Forgot Password’ in the Login screen
3. Input a registered email id in the ‘Email’ textbox (e.g. [email protected])
4. Tap on Submit button
5. Observe the app behavior
6. Access the email inbox of the user entered in step 3
7. Open the email received as part of ‘Forgot Password’ process (step 4)
8. Click on the URL/link inside the email
9. Enter the temporary password
10. Start entering/editing/modifying/adding the new password in the ‘New Password’ text box
11. Observe if the password strength meter is displayed
12. Validate the password strength meter values displayed

Expected Result:

1. The following values have to be displayed by the password strength meter, depending on the number and type of characters entered by the user:

(i) Too short
(ii) Weak
(iii) Fair
(iv) Good
(v) Strong

2. The app also has to instruct/recommend the user as follows:

To make your password stronger, consider:

(i) Adding an uppercase character
(ii) Adding a lowercase character
(iii) Adding a number
(iv) Adding a special character
(v) Making it at least 8 characters

TC_SECURITY_7 | PASSWORD POLICY

Objective: To validate if a password policy exists during the ‘Sign Up’ process

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device

Test Steps:
1. Tap to launch the app
2. Tap on ‘Sign Up’ button to start the registration process
3. Observe if a password policy exists during the ‘Sign Up’ functionality process

Expected Result: The password policy has to exist as per below:

Password must contain:

(i) one uppercase letter (A-Z),
(ii) one lowercase letter (a-z),
(iii) one number (0-9) and
(iv) 8-256 characters

TC_SECURITY_8 | PASSWORD POLICY

Objective: To validate if a password policy exists during the ‘Change Password’ process

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device

Test Steps:
1. Tap to launch the app
2. Tap on ‘Change Password’ button
3. Enter the correct password in the ‘Old Password’ text box
4. Start entering the new password in the ‘New Password’ text box
5. Observe if a password policy exists during the ‘Change Password’ functionality process

Expected Result: The password policy has to exist as per below:

Password must contain:

(i) one uppercase letter (A-Z),
(ii) one lowercase letter (a-z),
(iii) one number (0-9) and
(iv) 8-256 characters

TC_SECURITY_9 | PASSWORD POLICY

Objective: To validate if a password policy exists during the ‘Forgot Password’ process

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device

Test Steps:
1. Tap to launch the app
2. Tap on ‘Forgot Password’ button
3. Input a registered email id in the ‘Email’ textbox (e.g. [email protected])
4. Tap on Submit button
5. Observe the app behavior
6. Access the email inbox of the user entered in step 3
7. Open the email received as part of ‘Forgot Password’ process (step 4)
8. Click on the URL/link inside the email
9. Enter the temporary password
10. Start entering the new password in the ‘New Password’ text box
11. Observe if a password policy exists during the ‘Forgot Password’ functionality process

Expected Result: The password policy has to exist as per below:

Password must contain:

(i) one uppercase letter (A-Z),
(ii) one lowercase letter (a-z),
(iii) one number (0-9) and
(iv) 8-256 characters

TC_SECURITY_10 | PASSWORD STORAGE

Objective: To validate how the new password is stored/saved on the database after the user completes sign-up/registration process

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device
3. Valid user account is created with <Email Address> and <Password>

Test Steps:
1. Tap to launch the app
2. Tap on ‘Sign Up’ button to start the registration process
3. Input all the required fields
4. Tap on Save/Submit button
5. Ensure that the user sign-up/registration is successful
6. Validate how the password is stored on the database/cloud

Expected Result:

1. The password should not be stored as plain text

2. The password has to be stored as hashed/encrypted

TC_SECURITY_11 | PASSWORD STORAGE

Objective: To validate how the new password is stored/saved on the database after the user changes the password during the ‘Change Password’ screen

Pre-req:
1. Latest version of the app is downloaded & installed on the device
2. WiFi/4G/3G/2G is turned ON on the test device
3. Valid user account is created with <Email Address> and <Password>

Test Steps:
1. Tap to launch the app and login to the app with valid UN/PWD
2. Tap on ‘Change Password’
3. Enter the correct password in the ‘Old Password’ text box
4. Enter the matching text in ‘New Password’ and ‘Confirm New Password’ text boxes
5. Tap on Save/Submit button
6. Ensure the password is changed successfully
7. Validate how the password is stored on the database/cloud

Expected Result:

1. The password should not be stored as plain text

2. The password has to be stored as hashed/encrypted