Authentication Testing:
- Authentication Testing checks whether a user is valid, i.e. whether the credentials presented belong to a genuine user of the application.
- Test the application with multiple sets of user credentials (data) and check whether the app authenticates each set correctly.
- It is performed in two ways:
  - Test the application with valid and invalid credentials. With valid credentials the app has to display the homepage; with invalid credentials it has to display a proper validation message.
  - Go to the application's database and check whether the credentials used are actually present there.
Direct URL Testing:
Take the URL of a secured page and try to open it in a new browser (a fresh session with no login); the page should not be accessible.
Example: Log in to Gmail.com >> take the URL of the homepage >> open a new browser >> access that URL; it should not be accessible.
If it is accessible, the app is not secure.
Firewall Leakage Testing:
Log in to the application as one level of user and try to access data beyond that role's limits.
- Checking whether the app displays only the fields allowed for the user's role is known as Firewall Leakage Testing.
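The three checks above (valid/invalid login, direct URL access without a session, and role-based field exposure) as an added Python example that is not part of the original notes: a minimal in-memory stand-in for the application under test, with constructed users, roles, paths and session handling, and the checks a tester would run against it.

```python
# Added example: an in-memory stand-in for the application under test plus
# the checks from the notes. Users, passwords, roles and paths are constructed.
import hmac
import secrets
from hashlib import sha256

# Constructed user store: username -> (sha256 of password, role)
USERS = {"alice": (sha256(b"correct horse").hexdigest(), "admin"),
         "bob": (sha256(b"battery staple").hexdigest(), "user")}
SESSIONS = {}                      # session token -> username
ROLE_FIELDS = {"user": ["name", "email"],
               "admin": ["name", "email", "salary", "ssn"]}

def login(username, password):
    """Authenticates; returns the homepage plus a session token on success,
    or the login page with a validation message on failure."""
    rec = USERS.get(username)
    digest = sha256(password.encode()).hexdigest()
    if rec and hmac.compare_digest(rec[0], digest):
        tok = secrets.token_hex(16)
        SESSIONS[tok] = username
        return {"status": 200, "page": "home", "session": tok}
    return {"status": 401, "page": "login", "error": "Invalid username or password"}

def get(path, session=None):
    """Serves secured pages only to a valid session; /profile fields are
    filtered by the caller's role (server-side authorization check)."""
    user = SESSIONS.get(session)
    if user is None:                        # direct URL access without login
        return {"status": 302, "page": "login"}
    if path == "/home":
        return {"status": 200, "page": "home"}
    if path == "/profile":
        return {"status": 200, "fields": ROLE_FIELDS[USERS[user][1]]}
    return {"status": 404}

def run_checks():
    """Runs the checks described in the notes; returns check name -> pass/fail."""
    ok = login("alice", "correct horse")
    bad = login("alice", "wrong")
    bob = login("bob", "battery staple")
    return {
        "valid_login_shows_home": ok["page"] == "home",
        "invalid_login_shows_message": bad["page"] == "login" and "Invalid" in bad["error"],
        # Direct URL test: same secured URL, fresh browser (no session cookie)
        "direct_url_blocked": get("/home")["status"] == 302,
        # Firewall leakage test: a plain user must not see admin-only fields
        "user_fields_limited": "salary" not in get("/profile", bob["session"])["fields"],
    }
```

Against a real application the same checks are made over HTTP, with the session cookie omitted for the direct URL test and a low-privilege account for the leakage test.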