Testing Fundamentals (testing, ~10 mins)

OWASP Top 10 awareness in Testing Fundamentals - Test Execution Trace

Test Overview

This test checks if the web application properly handles input validation to prevent Injection attacks, one of the OWASP Top 10 security risks. It verifies that malicious input is rejected and an error message is shown.

Test Code - Selenium with unittest
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
import unittest

class TestInjectionPrevention(unittest.TestCase):
    def setUp(self):
        self.driver = webdriver.Chrome()
        self.driver.get('https://example.com/login')

    def test_sql_injection_rejection(self):
        driver = self.driver
        # Wait for username field
        WebDriverWait(driver, 10).until(EC.presence_of_element_located((By.ID, 'username')))
        username_input = driver.find_element(By.ID, 'username')
        password_input = driver.find_element(By.ID, 'password')
        submit_button = driver.find_element(By.ID, 'submit')

        # Enter SQL injection attempt
        username_input.send_keys("' OR '1'='1'")
        password_input.send_keys('password')
        submit_button.click()

        # Wait for error message
        error_element = WebDriverWait(driver, 10).until(
            EC.presence_of_element_located((By.ID, 'error-message'))
        )

        # Verify error message text
        self.assertIn('Invalid username or password', error_element.text)

    def tearDown(self):
        self.driver.quit()

if __name__ == '__main__':
    unittest.main()
Execution Trace - 8 Steps
Step 1: Test starts and Chrome browser opens
  System state: Browser is open at the https://example.com/login page with username and password fields visible
  Assertion: -
  Result: PASS

Step 2: Wait until username input field is present
  System state: Username input field is visible and ready for input
  Assertion: Presence of element with ID 'username'
  Result: PASS

Step 3: Find username and password input fields and submit button
  System state: All required input elements are located on the page
  Assertion: -
  Result: PASS

Step 4: Enter SQL injection string "' OR '1'='1'" into username field and 'password' into password field
  System state: Input fields contain the test data
  Assertion: -
  Result: PASS

Step 5: Click the submit button to attempt login
  System state: Form submitted, page processes input
  Assertion: -
  Result: PASS

Step 6: Wait for error message element with ID 'error-message' to appear
  System state: Error message is displayed on the page
  Assertion: Presence of element with ID 'error-message'
  Result: PASS

Step 7: Check that error message text contains 'Invalid username or password'
  System state: Error message text is visible and readable
  Assertion: Error message text includes expected rejection message
  Result: PASS

Step 8: Test ends and browser closes
  System state: Browser is closed, test resources cleaned up
  Assertion: -
  Result: PASS
Failure Scenario
Failing Condition: The application does not reject the SQL injection input: it either logs the user in or shows no error message at all.
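The Selenium test above only observes the browser; it cannot show why a login handler passes or fails the check. The following added example (not part of the original lesson) models the server side in pure Python with an in-memory SQLite table, so it runs offline without a browser. It puts the defect the test is designed to catch (user input spliced into the SQL text) next to the hardened form (a parameterized query) and applies the same pass/fail check the Selenium test makes: not logged in, and an error message containing the expected text is shown. The table, the sample account and the GENERIC_ERROR and INJECTION_INPUT constants are constructed for the demo; the handler functions are hypothetical, not the code of any real application.

```python
import sqlite3
import unittest

# The same generic message the Selenium test expects in the 'error-message' element.
GENERIC_ERROR = "Invalid username or password"
# The same input the Selenium test types into the username field.
INJECTION_INPUT = "' OR '1'='1'"


def build_db():
    """Constructed in-memory table with one sample account. Demo data only:
    a real application stores password hashes, never plaintext passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    """The defect the test is designed to catch: user input is spliced into the
    SQL text, so quotes in the input become part of the statement's structure.
    A statement that fails to parse is modelled as a crashed request, i.e. a
    page with no error element at all (the second half of the failure scenario)."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        return {"logged_in": False, "error": None}
    if row:
        return {"logged_in": True, "error": None}
    return {"logged_in": False, "error": GENERIC_ERROR}


def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep the input as data, so the statement's
    structure cannot change regardless of what the user types."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    if row:
        return {"logged_in": True, "error": None}
    # One generic message for both unknown user and wrong password, so the
    # response does not reveal which field was wrong.
    return {"logged_in": False, "error": GENERIC_ERROR}


def rejects_injection(response):
    """The same check the Selenium test makes in steps 6 and 7: the login was
    refused and an error message containing the expected text is shown."""
    return (not response["logged_in"]
            and response["error"] is not None
            and GENERIC_ERROR in response["error"])


class TestInjectionRejection(unittest.TestCase):
    """Offline counterpart of TestInjectionPrevention, run against the handlers."""

    def setUp(self):
        self.conn = build_db()

    def test_parameterized_handler_rejects_injection(self):
        resp = login_parameterized(self.conn, INJECTION_INPUT, "password")
        self.assertTrue(rejects_injection(resp))

    def test_parameterized_handler_still_accepts_valid_login(self):
        resp = login_parameterized(self.conn, "alice", "correct-horse")
        self.assertTrue(resp["logged_in"])

    def test_concatenated_handler_fails_the_check(self):
        # Failure scenario: the check does not pass, whether the spliced input
        # logs the user in or breaks the statement outright.
        resp = login_concatenated(self.conn, INJECTION_INPUT, "password")
        self.assertFalse(rejects_injection(resp))

    def tearDown(self):
        self.conn.close()


if __name__ == "__main__":
    unittest.main()
```

Running the file executes the three unittest cases. The point of the third case is that a browser-level test never sees the query: it can only distinguish "refused with the expected message" from everything else, so the same assertion covers both ways the concatenated handler can go wrong.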
Execution Trace Quiz - 3 Questions
Test your understanding
What does the test verify after submitting the SQL injection input?
A. That the user is logged in successfully
B. That an error message saying 'Invalid username or password' appears
C. That the page reloads without any message
D. That the password field is cleared
Key Result
Always test for OWASP Top 10 risks like Injection by simulating malicious inputs and verifying the application properly rejects them with clear error messages.