Template: Web Application Checklist
This is a checklist which you can use to check web applications. Since web applications are naturally very diverse, the template is kept rather generic. You will probably want to add more items that fit your project.
The screenshots included are meant as a sample for how a extensively described item can look like. You can delete them and/or replace them with your own screenshots.
As always: We're happy about suggestions. Contact us!
Please log in to copy this checklist into your account.
Don't have an account yet? Checkpanel offers easy to use checklists for items that you want to check frequently. Know when each item was last tested. Report failures with details. Set reminders. Collaborate.
Test if the home page loads as expected. It loads correctly if:
- the expected content is loaded
- no error messages are displayed
- HTTP status code 200 is returned
Compare with the following screenshot to be sure:
Check if contact form is reachable, insists on all required fields and delivers the messages.
The contact form page should look like this:
Validate required fields
If no email address is entered, the form should not be transmitted. Try to submit the form without an email address and make sure that the result looks like this:
Validate confirmation message
Correctly enter all fields and submit the form. A confirmation message should appear:
Make sure that the message you just submitted does indeed reach the recipient.
Verify that users can log in with correct credentials and cannot login without them.
1. Verify that login is not possible without the correct credentials
Enter a valid user name, but an invalid password. Login should be denied and an error message should display.
Important: For security reasons, the error message must not give any hint if the account which you just tried to log in for does actually exist.
Here's how the error should look like:
2. Verify that login with correct credentials is possible
Enter correct login credentials. No error message should appear and you should be redirected to the index page.
Verify that users can log out.
Make sure that they are really logged out after using the log out button. Try to access a protected ressource and see if it is not accessible anymore.
If your site uses SSL, make sure that the certificate is still valid and does not provoke a browser warning. Also check that the certificate is not about to expire.
1. Check current state
If the certificate is valid, the browser should display a secured connection similar to this:
Under no circumstances, users should see a warning like this one:
2. Check expiration time
Make sure that the certificate will not expire soon. Users will receive warnings as soon as it is expired, so you should update it well before that time.
Here's how to check when the certificate will expire in Firefox:
- Click on the lock symbol in the address bar:
- Click on 'More Information...':
- Click on 'View Certificate':
- Check the date under 'Expires On':
If the expiration date is less than two months in the future, you should update the certificate.