Writing Test Cases for Security Test (Role Based).
What is a test case?
In software engineering, a product/ application is to be tested by exercising all possible combinations of features and inputs. In order to define a test case, we can say “It is a set of conditions or combination of variables under which a tester/ engineer will identify whether the application under test is working correctly or not”.
A single test case will not however verify that the application is working as desired. It will take numerous test cases for execution before we say that the application features are working correctly.
The typical set of test cases that are commonly used to test a particular application are
1) Unit Test cases : These test cases deal with the functioning of the individual program/ unit and the test is typically carried out by the developer.
2) Integration test cases : Once the unit test is deemed successful and further integration needs to be tested, then integration test cases will be used. This could be done by both the developers and the testers.
The approach for carrying out an integration test are
(a) Full Integration Test : In this approach, we follow the big bang theory by putting together all possible units for integration and then carrying out the test.
(b) Incremental Integration Test : In this approach, we will need to integrate each unit depending upon its status and functional capability to carry out the test. In this case, we may also find it necessary to use TEST DRIVERS and TEST STUBS.
3) Functional Test cases : These set of test cases are used to test the entire application based on its functionality.
4) Regression test cases : A regression test is done when it is required to test the entire application again after a major phase of bug resolution and fixing. This is done to identify the impact of bug fixes on the other functional features of the application.
5) System test cases : The complete set of test cases for the application (includes functional, performance, database, loop test etc.)
6) Security test cases : Testing carried out based on Role permission granted to a set of users is called Security testing. The most important feature of this test is to verify the individual roles and their permissions to each function, module, and unit of the application.
7) Acceptance test cases : The set of test cases in order to test the Acceptance criteria of the application under test is called Acceptance test.
How to write Security test cases?
I shall deal with the approach and the style for writing security test cases.
Before you begin writing your test cases, note that
1) It is important to segregate based on Roles (something like Admin, Manager, Supervisor etc.)
2) You will need to delve into the negative scenario for a particular event initially before taking up the positive scenarios. This will ensure continuity of the test cases and will greatly help.
—-0—x—0—-Given below is a very simple example for the approach to write security test cases. Once you are aware of the knack of writing simple ones like this, you can graduate to writing larger and complex ones. Yes, It is a great aid to novice and intermediate testers to follow these and test the security for any kind of application.
|NO.||Action||Test Steps||Pass/ Fail||Comments|
|1||Invoke the application by typing the URL “http://abhi/myProj/Default.asp”||The browser should be invoked and the application login page should appear.|
|Verify the login security for the Project Lead.|
|2||Login with loginname as “abhilash” and password as “password56”.||The user should be logged in and be directed to the Home page.|
|3||Verify the menu structure on the Home page.||The home page should contain the following menu structure.
|4||Verify the menu dropdown for the “Projects” menu.||The “Projects” menu should contain the following menu items.
– Create Task
– Create Build
– Create Module
|***||Like this you will need to cover the other menus too.|
|End of verification for the Project Lead.|
|Verify the login security for a Team Member|
|1||Login with loginname “anoop” and password as “anooppass”.||The user should be logged in and navigated to the Home page.|
|2||Verify the menu structure on the Home page.||The home page should contain the following menu structure.
|3||Verify that the user cannot select the menu item “Projects”.||The user should NOT be able to select the menu item “Projects”. The menu should be displayed as disabled.|
|4||Verify that the user can select the menu item “Tasks”.||The user should be able to select the menu item “Tasks”. The menu should be displayed as enabled.|
|5||Verify that the user cannot select the menu item “Dashboard”.||The user should NOT be able to select the menu item “Dashboard”. The menu should be displayed as disabled.|
|6||Verify that the user can select the menu item “Reports”.||The user should be able to select the menu item “Reports”. The menu should be displayed as enabled.|
|7||Verify that the user cannot select the menu item “Skills”.||The user should NOT be able to select the menu item “Skills”. The menu should be displayed as disabled.|
|like this you will need to tackle each content on respective pages.|
|End of verification for the team member.|
Refer to the image snapshots to get an idea on the approach to write complete security test cases.
Security Test Case – Part I for the user “admin”
Security Test Case – Part II for the user “supervisor”