Back to CV
Manual Testing Portfolio
Login Functionality - Black-box Testing
Test Scenarios
| ID |
Scenario |
Priority |
| TS-01 |
Verify successful login with valid credentials |
High |
| TS-02 |
Verify login fails with invalid credentials |
High |
| TS-03 |
Verify login form validation |
Medium |
| TS-04 |
Verify password security features |
High |
| TS-05 |
Verify "Remember Me" functionality |
Low |
| TS-06 |
Verify "Forgot Password" link |
Medium |
Test Cases
TC-001: Successful Login with Valid Credentials
| Test Case ID | TC-001 |
| Test Scenario | TS-01 |
| Priority | High |
| Preconditions | User account exists in the system |
| Step |
Action |
Test Data |
Expected Result |
| 1 |
Navigate to login page |
URL: /login |
Login page is displayed |
| 2 |
Enter valid username |
testuser@email.com |
Username field accepts input |
| 3 |
Enter valid password |
ValidPass123! |
Password field shows masked characters |
| 4 |
Click "Login" button |
- |
User is redirected to dashboard |
Expected Result: User successfully logs in and sees the dashboard with welcome message.
TC-002: Login Fails with Invalid Password
| Test Case ID | TC-002 |
| Test Scenario | TS-02 |
| Priority | High |
| Preconditions | User account exists in the system |
| Step |
Action |
Test Data |
Expected Result |
| 1 |
Navigate to login page |
URL: /login |
Login page is displayed |
| 2 |
Enter valid username |
testuser@email.com |
Username field accepts input |
| 3 |
Enter invalid password |
WrongPassword |
Password field shows masked characters |
| 4 |
Click "Login" button |
- |
Error message is displayed |
Expected Result: Login fails. Error message "Invalid username or password" is displayed. User remains on login page.
TC-007: SQL Injection Attempt
| Test Case ID | TC-007 |
| Test Scenario | TS-04 (Security) |
| Priority | High |
| Preconditions | None |
| Step |
Action |
Test Data |
Expected Result |
| 1 |
Navigate to login page |
URL: /login |
Login page is displayed |
| 2 |
Enter SQL injection in username |
' OR '1'='1 |
Field accepts input |
| 3 |
Enter any password |
anything |
Password field accepts input |
| 4 |
Click "Login" button |
- |
Login fails safely |
Expected Result: Application handles input safely. No SQL error is exposed. Standard "Invalid username or password" message is shown.
Testing Techniques Used
Equivalence Partitioning
| Partition |
Valid/Invalid |
Example |
| Valid username + valid password |
Valid |
testuser@email.com / ValidPass123! |
| Valid username + invalid password |
Invalid |
testuser@email.com / WrongPass |
| Invalid username + valid password |
Invalid |
nobody@email.com / ValidPass123! |
| Empty username |
Invalid |
(empty) |
| Empty password |
Invalid |
(empty) |
Boundary Value Analysis
| Boundary |
Test Values |
Expected |
| Password min length (8) |
7 chars, 8 chars, 9 chars |
7: fail, 8: pass, 9: pass |
| Username max length (50) |
49 chars, 50 chars, 51 chars |
49: pass, 50: pass, 51: fail |
Bug Report
BUG-001: Error Message Reveals User Existence
| Bug ID | BUG-001 |
| Severity | Medium |
| Priority | High |
| Environment | Chrome 120, Windows 11 |
Description: When attempting to log in with a non-existent username, the error message "User not found" is displayed. This reveals to potential attackers which usernames exist in the system.
Steps to Reproduce:
- Navigate to /login
- Enter username: nonexistent@test.com
- Enter password: AnyPassword123
- Click "Login" button
Actual Result: Error message: "User not found"
Expected Result: Generic error message: "Invalid username or password"
Security Impact: Attackers can enumerate valid usernames by observing different error messages.
Suggested Fix: Use the same generic error message for all authentication failures.
Tools Used
Manual Documentation
Chrome DevTools
Jira (format)