General test point ideas are summarized and shared, which can be directly used in interview and actual software testing

Test point ideas

Two blocks ：

1. Its own business functions .（ You can test any function you have , Such as WMS Whether the warehousing task can be issued according to the warehousing order ）

2. The test method ： Six categories

• function ： Seven ways to black box ：

Equivalent class boundary value （ It's everywhere , We have to come up with a , Where there are limits , Can be equivalent to class boundary value ）（ For example, can we choose the one with larger stock quantity for delivery , Can we just choose the maximum inventory ）

Decision table 、 Cause and effect diagram 、 Combine ： In the case of multiple fields , For example, inventory has a name 、 Color 、 size 、 weight , You can add a field, such as type Field , Or change the color to color , See if the system recognizes .

Scene method （ Process approach ）

Many fields , Multiple fields will have query function ： There's a search function , You can use combination testing , Can you just look up by color , Can I find it based on two fields , Can I find... Based on multiple fields （ Combine multiple fields , Decision table ）

• Ease of use ：

Hommization , Whether it is in line with aesthetics , If it is shown in detail , Are there any details , Can I go to the next page 、 Back to previous page , Whether the search field can be reset after error , Whether the layout of the page is the same , Whether the layout of the field is beautiful .（2、3 individual ）. Is the layout reasonable . Check if it's on the right , Reset if it's on the left （ It's customary ）

• Compatibility ：

Platform compatibility ：

app Compatibility with multiple systems , Android （ Huawei 、vivo、oppo wait ）、 Apple 、

win10、win7、win8

Browser compatibility ：

IE、Chrome、Firefox、safari、opera

• performance

Concurrent ： How many processing times per second , What happens when you exceed concurrency

Security （ If you don't want to say it, just give it to the security team for testing , As far as I know , They used fortify/webinspect These two vulnerability scanning tools are used for security testing ）

Four common web Loophole

1,sql Inject ： Such as ：select * from t_12306_user where id=‘31’ or 0=0; // hinder 0=0 Ahead of where Statement offsets

2,xss Cross site scripting attacks ： Enter the script directly in the text box , For example, where to enter the user name, enter （ Baidu JS Attack script or html Attack scripts and so on, you can find similar scripts ）

3, Cross Directory Access ： Change directly url Address , If you can directly access the interface of advanced users or administrators , There's a problem .

4, User rights access control ： For example, add permission function in Zen background （ Check box ）, Almost every backstage , As long as there are different roles （ Administrators 、 Ordinary users 、vip）, There is a difference in user rights . Testing requires different permissions for users , Log in to this user again , See if these permissions are configured , Is there more or less .

There are also some encryption algorithms

1, Asymmetric encryption RSA（ Developed by three people in Sweden , Asymmetric encryption algorithm ）： Two keys （ Two key）, A public key, a private key , Only the public key can encrypt , The private key can only be used to decrypt . Public key can circulate on the network , Decryption can only be performed by this private key , So the general private key is stored in the decryption . Even if you hijack the public key , It can't be decrypted .

The test is to see if the encryption is successful 、 Whether it can decrypt normally

2, Symmetric encryption DES、MD5（ Irreversible information summarization algorithm ,32 Bit string ）：DES, symmetry , Use the same key（ The same key ） Encrypt and decrypt a ciphertext （ Key text ）

The test is to see if the encryption is successful 、 Whether it can decrypt normally （ except md5 The disclosure of the ,md5 Can't decrypt ）

When the password is stored in the interface or database table , Be sure to show it in ciphertext , Whether sensitive fields are displayed in ciphertext on the page or in the background .

3. User's objective operation （ important ）：

The user repeatedly submits （ If you click many times quickly, you will get more money .）、 What if there are spaces in the input 、 Click submit or login directly （ Default value test ）.

Especially when it comes to hardware , The hardware is not working properly Whether the entity product status data can be fed back to the software in time

4. Three anomalies ：

• The Internet ：

Broken net （ Router settings mac Address filtering or turning off routers 、 Network card service can be disabled 、 Network blocker （ Like the radiation shield 、 Radiation shielding clothing 、 Elevator ）、 The network card is in arrears 、 Speed limit after using network card traffic ）、 Weak net （4G turn 3G,3G turn 2G,2G turn e The signal 、 The router sets current limiting 、 Driving 、 In the high-speed train ）

• DB：

DDL： rename table （ There needs to be an exception handling mechanism ）、 Synchronous or asynchronous request mode . Sync ： The client is waiting for the server to return data , For example, there is no exception handling mechanism , When an exception occurs, the client has to load all the time , Will not respond to error messages . Syncing is like making a phone call . asynchronous ： No need to wait for the server to confirm , It's like mass texting , After sending the message, it's over , Don't wait for .

DML： perform update or delete operation , Change the record of the table , So that the content of the query does not exist

Stop database , stop it mysqld

Not to users update jurisdiction （ Can only select）, Or not to users select jurisdiction .grant.

Modify any connection information , Whether you can query the database information normally . For example, modify the database url（ Address ）、 port 、 Library name 、 user name 、 password （ On the server jdbc It's in the file ）

• Server：

tomcat application server ,1. user name 、 password 、 port 、 Address （url） If not, can I access it normally ;2. You can stop the server （ It's easy to cause a timeout exception

Here's a message for you , Mutual encouragement ： When our abilities are insufficient , The first thing to do is internal practice ！ When we are strong enough , You can look outside ！

Finally, we also prepared a supporting learning resource for you , You can scan the QR code below via wechat , Free access 216 Page software testing engineer interview guide document information . And the corresponding video learning tutorial is free to share ！, The information includes basic knowledge 、Linux necessary 、Shell、 The principles of the Internet 、Mysql database 、 Special topic of bag capturing tools 、 Interface testing tool 、 Test advanced -Python Programming 、Web automated testing 、APP automated testing 、 Interface automation testing 、 Testing advanced continuous integration 、 Test architecture development test framework 、 Performance testing 、 Safety test, etc. .

Welcome to the official account 【 Programmer Yifan 】, reply ： Information （ Video tutorial ,PDF file , Interview questions ）