What to Test in a Login Page?

User Interface

Tab order - is there a logical order when moving through the fields with the Tab key?
Username field focus - when arriving at the page is the cursor focused on the username field?
Use of Enter key - does pressing Enter activate the Login button?
Accessibility - are the form fields correctly identified and labelled?
The look - does it look ok? Everything aligned ok?
Content - is the content up to scratch? Any typos?
Links - are there any other existing links on the page? Are they valid?

Security

Password - is it masked (shown as asterisks)?
Password - can it be copied and pasted?
Password - is a minimum password complexity enforced?
View Source - is valuable information given away in the HTML source code?
SQL Injection - are the input fields vulnerable to SQL injection?
Pages - can pages behind the login wall be accessed without logging in?
URL Manipulation - can the URLs be edited to gain access where it should not be allowed?
Multiple accounts - can different accounts be logged in at the same time in the same browser?
Cookies - can they be edited? Disabled?

Functionality

Login - is it possible to log in successfully? Unsuccessfully?
Logout - if the user logs out, are they logged out as expected?
Forgot password - does it exist? Does the process work? Is it prone to security failure? URL manipulation?
Back and Forward buttons - how does the application cope when using the browser Back and Forward buttons?
Remember me - is there a “Remember me” option? Does it work as standard? What if the password is changed?
Compatibility - is there a need to test in other browsers?
Data - is there a minimum or maximum length of characters? What are the boundaries? What are the allowed characters?
Error handling - how are errors handled and displayed?
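
Three of the checks above (Pages, Cookies and Logout) can be automated. The following is an added example, not part of the original checklist: it runs them in-process against a small constructed WSGI app. The routes /login, /logout and /account, the cookie name session and all function names are assumptions for illustration.

```python
import hashlib, hmac, secrets

KEY = secrets.token_bytes(32)   # signing key of the constructed sample app
SESSIONS = set()                # server-side record of live session ids

def sign(sid):
    return sid + "." + hmac.new(KEY, sid.encode(), hashlib.sha256).hexdigest()

def valid(cookie):
    sid = cookie.partition(".")[0]
    return hmac.compare_digest(sign(sid).encode(), cookie.encode()) and sid in SESSIONS

def app(environ, start_response):
    """Constructed sample app: /login (credential check omitted), /logout, /account."""
    path = environ["PATH_INFO"]
    cookie = environ.get("HTTP_COOKIE", "").removeprefix("session=")
    headers = [("Location", "/login-form")]
    if path == "/login":
        sid = secrets.token_hex(16)
        SESSIONS.add(sid)
        headers = [("Location", "/account"), ("Set-Cookie", f"session={sign(sid)}; HttpOnly")]
    elif path == "/logout":
        if valid(cookie):       # invalidate on the server, not only in the browser
            SESSIONS.discard(cookie.partition(".")[0])
    elif valid(cookie):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"account data"]
    start_response("302 Found", headers)
    return [b""]

def get(path, cookie=""):
    """Call the WSGI app in-process; returns (status code, headers, body)."""
    env, seen = {"REQUEST_METHOD": "GET", "PATH_INFO": path}, {}
    if cookie:
        env["HTTP_COOKIE"] = "session=" + cookie
    def start_response(status, headers):
        seen.update(status=int(status[:3]), headers=dict(headers))
    body = b"".join(app(env, start_response))
    return seen["status"], seen["headers"], body

def run_checks():
    results = {"no_session_blocked": get("/account")[0] == 302}
    cookie = get("/login")[1]["Set-Cookie"].split(";")[0].removeprefix("session=")
    results["login_grants_access"] = get("/account", cookie)[0] == 200
    edited = "0" * 32 + cookie[32:]   # different session id, original MAC
    results["edited_cookie_blocked"] = get("/account", edited)[0] == 302
    get("/logout", cookie)
    results["old_cookie_dead_after_logout"] = get("/account", cookie)[0] == 302
    return results

if __name__ == "__main__":
    print(run_checks())
```

Against a real application the same four checks apply, with `get` replaced by an HTTP client pointed at a test environment.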