I’m often asked to test a website with not much time or direction. With only a few fuzzy requirements and fewer hours in which to exercise them, what do I focus on? Obviously, I try to first ensure that the functionality (whatever it is) works correctly. If it’s an ecommerce, can I buy something? If it’s a community blog, can I post something? But beyond the basics, what’s something efficient that will give me a big payoff in terms of bugs I can present to the customer?
I usually focus on forms. There are lots of complicated things you can do with forms – check them for security, try to do SQL injection, and so forth. But there are also some really simple things you can check for that a lot of web developers seem to miss the first time through. I especially like to check every field in a form for data types and field length. For example, if I have a registration form, I might test:
Name: How long a name can I enter? If the form states a character limit, does the field actually conform to it? Can I use special characters?
Email Address: Check length, as above. Does the form do any validation (for example, looking for at least one character followed by a “@” symbol and then more characters)?
Street Address: Length, special characters, validation, etc.
It’s always fun (for me) to check fields that are supposed to be limited to a certain data type. When a field asks for my age and lets me input “zysffwlkjssdff,” for example – that’s a bug (and kind of amusing). Date fields and forms are notorious for this – when you encounter a date entry field, always make sure it doesn’t let you put in dates that don’t exist (like April 31 or February 30). When a date range is asked for, try putting an end date before a start date. Watch the form choke and document your bug. 🙂