Exploratory testing tips

Exploratory testing can be a challenge.  How to know that you have covered entire application? What all areas need to be covered?

I have listed down some exploratory testing tips. This checklist will help you in performing exploratory testing in a more structured way.

1. Test for data types

Path Files
Long Name (>255 chars)
pecial Characters in Name (space * ? / \ | < > , . ( ) [ ] { } ; : ‘ “ ! @ # $ % ^ &)
Non-Existent, Already Exists
No Space, Unavailable
Time and DateTimeouts
Time Difference between Machines
Crossing Time Zones
Leap Days
Always Invalid Days (Feb 30, Sept 31)Feb 29 in Non-Leap Years
Different Formats (June 5, 2001; 06/05/2001; 06/05/01; 06-05-01; 6/5/2001 12:34)
Daylight Savings Changeover
Reset Clock Backward or Forward
32768 (215)
32769 (215 + 1)
65536 (216)
65537 (216 +1)
2147483648 (231)
2147483649 (231 + 1)
4294967296 (232)
4294967297 (232 + 1)
Scientific Notation(1E-16)
Floating Point/Decimal (0.0001)
With Commas (1,234,567)
European Style (1.234.567,89)
All the Above in Calculations
StringLong (255, 256, 257, 1000, 1024, 2000, 2048 or more characters) ƒ Accented Chars (àáâãäåçèéêëìíîðñòôõöö, etc.)
Asian Chars
Common Delimiters and Special
Characters ( “ ‘ ` | / \ , ; : & < > ^ * ? Tab )
Leave Blank ƒ Single Space ƒ Multiple Spaces
Leading Spaces
End-of-Line Characters
SQL Injection ( ‘select * from customer ) With All Actions (Entering, Searching, Updating, etc.)
GeneralViolates Domain-Specific Rules (an ip address of 999.999.999.999, an email address with no “@”, an age of -1)
Violates Uniqueness Constraint

2. Browser dependent tests

Navigation testsBack (look for ‘Expired’ messages and double-posted transactions)
Bookmark the URL and then select Bookmark when Logged Out
Hack the URL (change/remove parameters; see also Data Type Attacks)
Multiple Browser Instances Open
Input testsHTML/JavaScript Injection (allowing the user to enter arbitrary HTML tags and JavaScript commands can lead to security vulnerabilities) Check Max Length Defined on Text Inputs
> 5000 Chars in TextAreas
Syntax Use HTML Syntax Checker (http://validator.w3.org/) and
CSS Syntax Checker (http://jigsaw.w3.org/css-validator/)
Browser preferencesJavascript Off
Cookies Off
Security High
Change Font Size

3. Miscellenous

Variable analysisIdentify anything whose value can change.
InterfaceIdentify any public or private interface that provides visibility or control. Provides places to provoke, monitor, and verify the system.
BoundariesNear the boundaries (too big, too small) and at boundaries. Exact values
CURDCreate, update, read and delete
Sequence/WorkflowPerform a sequence of actions involving data, verifying the data integrity at each step.
Default ValuesChanging the default configurations
InterruptionsLog Off, Shut Down, Reboot, Kill Process, Disconnect, Hibernate, Timeout, Cancel
StressCPU, Memory, Network, or Disk at maximum capacity
SelectionsSome, none, all for example Some permissions, No permissions, All permissions
Multiuser/concurrent usersSimultaneous create, update, delete from two accounts or same account logged in twice
DependenciesIdentify dependencies across different data/fields, workflow steps etc.
Input methodTyping, copy/paste, drag and drop, import etc.
SortingAlpha/Numeric/alphanumeric/across pages
Third part integrationIdentify third party issues. 3rd party css/js/API ‘s etc.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.