
Test Heuristics Cheat Sheet: Data Type Attacks & Web Tests

Data Type Attacks

Paths/Files

• Long Name (>255 chars)
• Special Characters in Name (space * ? / \ | < > , . ( ) [ ] { } ; : ‘ “ ! @ # $ % ^ &)
• Non-Existent
• Already Exists
• No Space
• Minimal Space
• Write-Protected
• Unavailable
• Locked
• On Remote Machine
• Corrupted

Time and Date

• Timeouts
• Time Difference between Machines
• Crossing Time Zones
• Leap Days
• Always Invalid Days (Feb 30, Sept 31)
• Feb 29 in Non-Leap Years
• Different Formats (June 5, 2001; 06/05/2001; 06/05/01; 06-05-01; 6/5/2001 12:34)
• Daylight Savings Changeover
• Reset Clock Backward or Forward

Numbers

• 0
• 32768 (2^15)
• 32769 (2^15 + 1)
• 65536 (2^16)
• 65537 (2^16 + 1)
• 2147483648 (2^31)
• 2147483649 (2^31 + 1)
• 4294967296 (2^32)
• 4294967297 (2^32 + 1)
• Scientific Notation (1E-16)
• Negative
• Floating Point/Decimal (0.0001)
• With Commas (1,234,567)
• European Style (1.234.567,89)
• All the Above in Calculations

Strings

• Long (255, 256, 257, 1000, 1024, 2000, 2048 or more characters)
• Accented Chars (àáâãäåçèéêëìíîðñòôõöö, etc.)
• Asian Chars (
• Common Delimiters and Special Characters (“ ‘ ` | / \ , ; : & < > ^ * ? Tab)
• Leave Blank
• Single Space
• Multiple Spaces
• Leading Spaces
• End-of-Line Characters (^M)
• SQL Injection (‘select * from customer)
• With All Actions (Entering, Searching, Updating, etc.)

General

• Violates Domain-Specific Rules (an IP address of 999.999.999.999, an email address with no “@”, an age of -1)
• Violates Uniqueness Constraint
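Why the integer values in the Numbers list sit where they do, as an added example that is not part of the original cheat sheet: each is the first or second value past the range of a 16- or 32-bit signed or unsigned integer, so an unchecked store into such a field silently changes it. The function names and the set of widths are assumptions made for this sketch.

```python
# Integer boundary values copied from the sheet's Numbers list.
BOUNDARY_VALUES = [0, 32768, 32769, 65536, 65537,
                   2147483648, 2147483649, 4294967296, 4294967297]

# Fixed-width fields an input may be narrowed into: name -> (bits, signed).
# The choice of widths is an assumption of this example.
WIDTHS = {"int16": (16, True), "uint16": (16, False),
          "int32": (32, True), "uint32": (32, False)}


def store(value, bits, signed):
    """Value a two's-complement field of this width holds after an unchecked store."""
    wrapped = value & ((1 << bits) - 1)          # keep only the low `bits` bits
    if signed and wrapped >= 1 << (bits - 1):    # top bit set: reads back negative
        wrapped -= 1 << bits
    return wrapped


def checked_store(value, bits, signed):
    """Range-checked store: reject out-of-range input instead of wrapping it."""
    lo = -(1 << (bits - 1)) if signed else 0
    hi = (1 << (bits - 1)) - 1 if signed else (1 << bits) - 1
    if not lo <= value <= hi:
        raise OverflowError(f"{value} outside [{lo}, {hi}]")
    return value


def wrap_report(values=BOUNDARY_VALUES):
    """For each test value, the field types where the stored value differs from the input."""
    report = {}
    for v in values:
        changed = {}
        for name, (bits, signed) in WIDTHS.items():
            stored = store(v, bits, signed)
            if stored != v:
                changed[name] = stored
        report[v] = changed
    return report


if __name__ == "__main__":
    for value, changed in wrap_report().items():
        print(value, changed if changed else "fits every width")
```

A test that enters these values should then check what the system stored or computed, since a wrapped value is accepted without any error.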

Web Tests

Navigation

• Back (watch for ‘Expired’ messages and double-posted transactions)
• Refresh
• Bookmark the URL
• Select Bookmark when Logged Out
• Hack the URL (change/remove parameters; see also Data Type Attacks)
• Multiple Browser Instances Open

Input

• See also Data Type Attacks
• HTML/JavaScript Injection (allowing the user to enter arbitrary HTML tags and JavaScript commands can lead to security vulnerabilities)
• Check Max Length Defined on Text Inputs
• > 5000 Chars in TextAreas

Syntax

• HTML Syntax Checker (http://validator.w3.org/)
• CSS Syntax Checker (http://jigsaw.w3.org/css-validator/)

Preferences

• Javascript Off
• Cookies Off
• Security High
• Resize Browser Window
• Change Font Size

Testing Wisdom

• A test is an experiment designed to reveal information or answer a specific question about the software or system.
• Stakeholders have questions; testers have answers.
• Don’t confuse speed with progress.
• Take a contrary approach.
• Observation is exploratory.
• The narrower the view, the wider the ignorance.
• Big bugs are often found by coincidence.
• Bugs cluster.
• Vary sequences, configurations, and data to increase the probability that, if there is a problem, testing will find it.
• It’s all about the variables.

This cheat sheet includes ideas from Elisabeth Hendrickson, James Lyndsay, and Dale Emery

Copyright © 2006 Quality Tree Software, Inc. www.qualitytree.com
