"Common Test Point Idea Summary Sharing": Can be directly used in interviews and actual software testing work!

Ideas for testing points:
Two major blocks: 1. The product's own business functions. (Test whatever functions it provides, such as whether the WMS can issue warehousing tasks according to the warehousing order.) 2. Test methods: six categories:
1. Function: the seven black-box methods:
Equivalence classes and boundary values (these apply everywhere and must be worked out; wherever there is a restriction, equivalence classes and boundary values apply), such as whether an outbound order can select a quantity larger than the inventory, or exactly the maximum inventory.
Decision tables, cause-effect graphs and combination: where there are multiple fields, such as inventory with name, color, size and weight, you can add a field, such as a type field, or change the name of the color field, to see whether the system can still recognize it.
The scenario method (process method).
Multiple fields with a query function: where there is a search function, you can use combination testing: can you search by color only, by two fields, or by multiple fields (combine more fields and use a decision table).
2. Ease of use:
Whether it is user-friendly and aesthetically pleasing: whether details are displayed, whether you can go to the next page and return to the previous page, whether a search can be reset after a field is entered wrongly, whether the page layouts are consistent, and whether the fields are laid out neatly (2, 3). Whether the layout is reasonable: Query on the right and Reset on the left (conforms to habit).
3. Compatibility:
Platform compatibility:
Can the app run on multiple systems: Android (Huawei, vivo, OPPO, etc.), Apple, Windows 10, Windows 7, Windows 8
Browser compatibility:
IE, Chrome, Firefox, Safari, Opera
4. Performance
Concurrency: how many requests are processed per second, and what happens when the concurrency limit is exceeded
5. Security (if you don't want to talk about it, just give it to the security team for testing. As far as I know, they use two vulnerability scanning tools, Fortify/WebInspect, for security testing)
1. Four common web vulnerabilities:
1. SQL injection: for example: select * from t_12306_user where id='31' or 0=0; // the trailing 0=0 is always true, so it cancels out the preceding where condition
2. XSS (cross-site scripting) attack: enter a script directly in a text box, such as the user name field (a JS attack script or HTML attack script, etc.; you can search Baidu for similar scripts)
3. Cross-directory access: change the URL directly; if you can directly reach the interface of advanced users or administrators, there is a problem.
4. User permission access control: for example, the add-permission function (check boxes) of the ZenTao backend. In almost every backend, as long as there are different roles (administrator, ordinary user, VIP), there are differences in user permissions. To test, configure different permissions for a user, then log in as that user to see whether those permissions have taken effect, and whether there are more or fewer than configured.
2. Some encryption algorithms:
1. Asymmetric encryption RSA (asymmetric encryption algorithm developed by three people in Sweden): two keys, one public key and one private key. The public key can only be used for encryption and the private key can only be used for decryption. The public key can be circulated on the network, and the ciphertext can only be decrypted with the matching private key, so the private key is generally kept on the decrypting side. Even if the public key is hijacked, it cannot be used to decrypt.
The test is to see whether encryption succeeds normally and whether decryption succeeds normally.
2. Symmetric encryption DES, MD5 (irreversible message digest algorithm, 32-bit string): DES is symmetric; it encrypts and decrypts a ciphertext with the same key.
The test is to see whether encryption and decryption succeed normally (except for decrypting MD5; MD5 cannot be decrypted).
3. When a password is stored in an interface or a database table, it must be in ciphertext; check whether sensitive fields are displayed in ciphertext on the page and in the backend.
6. The user's objective operation (important):
The user submits repeatedly (will more money be deducted if you click several times quickly?), what happens if the input contains spaces, and what happens if you click submit or log in directly without entering anything (default value test).
Especially when hardware is involved, check whether an abnormal operation of the hardware feeds the status data of the physical product back to the software side in time.
7. Three exceptions:
1. Network:
Disconnection (set MAC address filtering on the router or turn the router off, disable the network card service, use a network shielding device (such as a radiation shielding device, radiation shielding clothing, or an elevator), network card in arrears, network card traffic used up and speed limited), weak network (4G to 3G, 3G to 2G, 2G to E signal, rate limit set on the router, while driving or moving, on a high-speed train)
2. DB:
DDL: rename a table (an exception handling mechanism is required), in synchronous or asynchronous request mode. Synchronous: the client keeps waiting for the server to return data. If there is no exception handling mechanism, then after an exception occurs the client keeps loading and never shows an error message. Synchronous is similar to making a phone call. Asynchronous: there is no need to wait for the server's confirmation, similar to sending a group text message; the message is done once it is sent, without waiting.
DML: perform an update or delete operation to change the records of the table so that the content being queried no longer exists.
Stop the database (stop mysqld).
Do not give the user update permission (only select), or give the user select permission (grant).
Modify any of the connection information and check whether the database can still be queried normally. For example, modify the URL (address), port, database name, user name or password of the database (change it in the JDBC file on the server).
3. Server:
Tomcat application server: 1. If the user name, password, port or address (URL) is incorrect, can you still access it normally?
2. Stop the server (this easily causes a timeout exception)
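
The SQL injection check from item 5, written as an automated test (an added example, not code from the original post). It reuses the post's table name t_12306_user; the rows, the function names and the probe string are constructed for illustration. It compares a lookup that pastes input into the SQL text with one that binds it as a parameter.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t_12306_user (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO t_12306_user VALUES (?, ?)",
        [("31", "alice"), ("32", "bob"), ("33", "carol")],
    )
    return db


def find_user_concat(db, user_id):
    """Vulnerable lookup: the input becomes part of the SQL text."""
    sql = "select * from t_12306_user where id='" + user_id + "'"
    return db.execute(sql).fetchall()


def find_user_param(db, user_id):
    """Hardened lookup: the input is bound as a value and never parsed as SQL."""
    sql = "select * from t_12306_user where id=?"
    return db.execute(sql, (user_id,)).fetchall()


# Test input that turns the concatenated query into the post's statement:
#   select * from t_12306_user where id='31' or 0=0 --'
PROBE = "31' or 0=0 --"


def injection_check(find_user):
    """Return True if the probe makes the lookup return more rows than id 31 alone."""
    db = make_db()
    baseline = find_user(db, "31")
    probed = find_user(db, PROBE)
    return len(probed) > len(baseline)


if __name__ == "__main__":
    print("concatenated query leaks rows:", injection_check(find_user_concat))
    print("parameterized query leaks rows:", injection_check(find_user_param))
```
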

I have brought dozens of graduating classes, which is also a requirement for our students who love soft testing. The methods I summarized above can be truly integrated, so that I can quickly start the test of a software project, at least the functional test can be smoothly handled.

Origin blog.csdn.net/cnroot001/article/details/113094115