Security Test Cases

Uploaded by jj9900

Module Test Case ID Description

Security

SEC-001 Verify secure handling of sensitive lo

SEC-002 Verify secure handling of payment re

SEC-003 Verify SQL injection protection

SEC-004 Verify protection against Cross-Site S

SEC-005 Verify access control for payment mo

SEC-006 Verify encrypted communication for e

SEC-007 Verify encrypted database connectio

SEC-008 Verify failure response for invalid lo

SEC-009 Verify secure handling of session tok

SEC-010 Verify protection against brute force

SEC-011 Verify data leakage prevention in log

SEC-012 Verify secure file uploads

SEC-013 Verify protection against session hija

SEC-014 Verify password policy enforcement

SEC-015 Verify response headers for security

SEC-016 Verify logout functionality clears sess

SEC-017 Verify encrypted storage of sensitive

SEC-018 Verify access control for administrat

SEC-019 Verify protection against man-in-the-

SEC-020 Verify handling of expired tokens

SEC-021 Verify API keys are rotated periodical

SEC-022 Verify system prevents privilege esca

SEC-023 Verify protection against Open Redire

SEC-024 Verify CAPTCHA is enforced for login

SEC-025 Verify two-factor authentication (2F

SEC-026 Verify response to malformed reques

SEC-027 Verify idle session timeout behavior

SEC-028 Verify access to audit logs

SEC-029 Verify protection against clickjacking

SEC-030 Verify secure handling of backup dat

Perf

PERF-001 Verify system performance with 100

PERF-002 Verify system performance with 1000

PERF-003 Verify handling of large queues with

PERF-004 Verify handling of 100,000 WIs in qu

PERF-005 Verify response time for WI search u

PERF-006 Verify response time for queue refre

PERF-007 Verify response time for queue refre

PERF-008 Verify stability during scheduled ma

PERF-009 Verify stability during unscheduled

PERF-010 Verify load balancing under 500 conc

PERF-011 Verify database query performance fo

PERF-012 Verify system's maximum concurrent

PERF-013 Verify system behavior under sudden

PERF-014 Verify response time for API calls und

PERF-015 Verify resource utilization under ma

Field Visit

FV-001 Verify field visit details are captured

FV-002 Verify system handles missing field vis

FV-003 Verify real-time updates for field visi

FV-004 Verify system behavior when real-tim

FV-005 Verify the ability to reassign field vis

FV-006 Verify system behavior when attemptin

FV-007 Verify field visit reports are accurate

FV-008 Verify field visit reports include all fie

FV-009 Verify ability to export field visit repo

FV-010 Verify system behavior when export f

FV-011 Verify system can handle the maximum

FV-012 Verify system can handle extremely lon

FV-013 Verify system handles dates in extre

FV-014 Verify system handles large volume of

FV-015 Verify system handles missing mandator

FV-016 Verify system allows marking of multipl

FV-017 Verify system displays field visit statu

FV-018 Verify field visit reassignment notifies

FV-019 Verify field visit reassignment notifi

FV-020 Verify handling of network failures du

FV-021 Verify system handles special character

FV-022 Verify field visit details are visible i

FV-023 Verify error handling when attempting

FV-024 Verify system handles date and time co

FV-025 Verify field visit report includes overd

FV-026 Verify system allows deletion of field

FV-027 Verify field visit tracking with incomp

FV-028 Verify handling of multiple simultaneo

FV-029 Verify system allows attaching files to

FV-030 Verify file attachment limit for field vi

FV-031 Verify field visit scheduling is disable

FV-032 Verify field visit actions are logged

FV-033 Verify system shows a confirmation me

FV-034 Verify system handles time zone differ

FV-035 Verify field visit scheduling for public

Exception handling

EX-001 Verify system behavior when an inva

EX-002 Verify system behavior when a non-e

EX-003 Verify handling of failed uploads in

EX-004 Verify handling of failed downloads

EX-005 Verify system response for duplicate

EX-006 Verify error messages are user-friend

EX-007 Verify system behavior when entering

EX-008 Verify error message when entering

EX-009 Verify boundary behavior with max

EX-010 Verify system behavior when enterin

EX-011 Verify handling of file uploads exceed

EX-012 Verify system response when a non-pe

EX-013 Verify system behavior when submitti

EX-014 Verify error message for invalid file

EX-015 Verify error handling when trying to

EX-016 Verify system behavior when trying t

EX-017 Verify system response to simultan

EX-018 Verify system response to multiple fa

EX-019 Verify error message when submitting

EX-020 Verify handling of invalid WI number

EX-021 Verify system behavior when submitti

EX-022 Verify system behavior when searching

EX-023 Verify system behavior when uploadin

EX-024 Verify system behavior when submitti

EX-025 Verify system response when uploadi

EX-026 Verify system behavior when a docume

EX-027 Verify handling of a blank search resu

EX-028 Verify system response when enterin

EX-029 Verify handling of document upload w

EX-030 Verify error handling when trying to

EX-031 Verify system behavior when uploadi

EX-032 Verify system behavior when submitti

EX-033 Verify system behavior with file type

EX-034 Verify system behavior when no resul

EX-035 Verify error handling when form subm

EX-036 Verify system behavior when WI numb

EX-037 Verify handling of empty document tit

EX-038 Verify handling of duplicate WI numb

EX-039 Verify system behavior when submitti

EX-040 Verify handling of blank file fields

Test Steps Expected Outcome Pass/Fail Criteria
1. Log in as a user.
2. Access the loan details section.
3. Inspect data for sensitive deta Loan details are securely masked oData is securely displayed.
1. Log in as a user with access to
2. Inspect the payment records. Payment records are encrypted orData is securely displayed.
1. Inject SQL commands into input
2. Submit the inputs. Application rejects the SQL inject Application response is secure.
1. Inject malicious JavaScript payl
2. Submit the inputs and observe The application sanitizes input an Application response is secure.
1. Log in as a user without paym
2. Attempt to access payment-relaAccess is denied with a proper errAccess policies are enforced.
1. Monitor network traffic during A
2. Analyze traffic for unencryptedAPI communication uses secure prot Communication is encrypted.
1. Inspect database connection co
2. Ensure secure communication is All database communication is encr Communication is encrypted.
1. Attempt multiple invalid login
2. Observe if detailed error mess Application displays generic error Error messages are generic.
1. Log in as a valid user.
2. Inspect session tokens for securSession tokens are securely handl Tokens are securely configured.
1. Attempt multiple rapid login a
2. Monitor account lockout behavThe application enforces lockout pLockout policies are enforced.
1. Trigger errors in the application
2. Inspect server logs for sensiti Logs do not contain sensitive info Logs are secure.
1. Upload a file with malicious con
2. Observe the file handling behavThe application rejects malicious fMalicious files are rejected.
1. Log in as a valid user.
2. Attempt to reuse the session t Session reuse from a different deviSession tokens are secure.
1. Attempt to create a weak passw
2. Try variations with short lengthPassword policy enforces minimum Password policy is enforced.
1. Inspect HTTP response headers
2. Ensure security headers like X-Frame-Options, Content-Security-Policy, and Strict-Transport-Security are present. The application includes appropriaSecurity headers are present.
1. Log in as a user.
2. Perform logout.
3. Attempt to reuse the same ses The session token is invalidated, aSessions are cleared on logout.
1. Inspect the database for sensit
2. Check for encryption in storageSensitive data is stored using encrData is securely stored.
1. Log in as a non-admin user.
2. Attempt to access admin-only pAccess is denied with an appropri Admin module is secure.
1. Intercept application traffic usi
2. Observe whether data is encrypAll traffic between client and serv Communication is encrypted.
1. Log in and obtain a valid sessio
2. Wait until the token expires.
3. Attempt to use the expired tok Application rejects expired tokensExpired tokens are rejected.
1. Obtain an API key.
2. Attempt to use the key after its
3. Verify access is denied. API keys are valid only for a defin Keys are rotated periodically.
1. Log in as a standard user.
2. Attempt to perform admin-onlyApplication denies the actions an Privileges are enforced.
1. Manipulate redirect URLs in HT
2. Observe whether the applicatioApplication sanitizes redirect URL Redirects are secure.
1. Attempt multiple failed logins.
2. Check whether CAPTCHA is trigg CAPTCHA is enforced to prevent aCAPTCHA is triggered.
1. Log in as a user.
2. Verify 2FA prompt (e.g., OTP vi
3. Attempt to bypass 2FA. 2FA is enforced, and bypass attem2FA is secure.
1. Send malformed API requests w
2. Observe server response. Application rejects malformed requ Server handles errors securely.
1. Log in as a user.
2. Leave the session idle beyond t
3. Attempt to perform actions. Application logs the user out autoSessions timeout as expected.
1. Log in as a non-admin user.
2. Attempt to access the audit logAccess to audit logs is restricted t Audit logs are secure.
1. Embed application pages in an
2. Observe application behavior. Application prevents embedding in iframes using X-Frame-Options headers. Clickjacking is prevented.
1. Inspect backup files for sensiti
2. Verify encryption. Backup data is encrypted and storBackup data is secure.

1. Simulate 100 concurrent user se
2. Measure response times for c System maintains acceptable respo Response times are within SLA.
1. Simulate 1000 concurrent users
2. Monitor CPU, memory, and da System performs optimally under System stability is maintained.
1. Load a queue with 10,000 Work
2. Perform actions like sorting, fi System processes actions efficientActions complete within limits.
1. Load a queue with 100,000 WIs
2. Perform frequent updates and System handles updates and deletiQueue actions perform as expected
1. Simulate 100 users searching f
2. Measure response times for seaSearch results are returned withinSearch response is consistent.
1. Populate a queue with 1000 WI
2. Trigger multiple refresh actio Queue refresh completes within SLA Refresh response is acceptable.
1. Populate a queue with 50,000
2. Trigger refresh actions and ob Queue refresh completes without Refresh response is stable.
1. Simulate maintenance activitie
2. Perform critical actions durin System remains stable, with minima System stability is maintained.
1. Simulate an unscheduled mainte
2. Measure system recovery timeSystem recovers within acceptableRecovery time is acceptable.
1. Configure load balancing across
2. Simulate 500 concurrent users Load is evenly distributed across sLoad is balanced effectively.
1. Execute queries on datasets con
2. Measure query execution timesDatabase queries execute within aQueries perform optimally.
1. Gradually increase concurrent
2. Monitor system behavior. System handles sessions up to its Maximum capacity is stable.
1. Simulate a sudden increase in u
2. Observe system response. System auto-scales or manages resLoad spikes are handled.
1. Simulate 500 concurrent API re
2. Measure response times and erAPI calls return responses within SAPI performance is acceptable.
1. Simulate maximum expected lo
2. Monitor CPU, memory, and diskResource utilization remains belo Resource usage is within limits.

1. Access a Work Item (WI) in the
2. Capture field visit details (e.g.,
3. Save the details. Field visit details are successfull Details are saved correctly.
1. Access a WI and attempt to save
2. Try to save the entry. System prompts the user to enter Error prompts are displayed.
1. Mark a payment as collected dur
2. Verify the status is updated in
3. Check the status is visible to ot Payment collected action is updateReal-time update works as expecte
1. Attempt to mark a field visit a
2. Try to save the action. System displays a failure message Failure message appears.
1. Access a field visit assigned to
2. Reassign the field visit to User
3. Verify User B can view and editField visit is successfully reassign Reassignment is successful.
1. Reassign a field visit to User A.
2. Attempt to reassign it to User B
3. Verify system behavior. System does not allow reassigningProper validation is applied.
1. Complete a field visit with all
2. Generate a report for the field vReport generated includes accurate Report is accurate.
1. Complete a field visit with all r
2. Generate and review the repor
3. Ensure all fields (e.g., WI ID, The report includes all required deReport contains all fields.
1. Generate a field visit report.
2. Export the report in a supporteThe report is successfully exporte Report is exportable.
1. Attempt to export a report in an
2. Observe system behavior. System displays an error message Error is handled correctly.
1. Attempt to log field visit detai
2. Verify system handles this loadSystem can handle a large numberSystem handles load effectively.
1. Enter an extremely long field vi
2. Save and view the field visit detField visit description is saved wit Description is saved as entered.
1. Enter a field visit date that is 5
2. Enter a field visit date that is 5
3. Verify system behavior. System correctly handles extremeSystem handles dates appropriatel
1. Create field visits with a large
2. Generate a report. Report generation completes succe Report is generated without errors
1. Attempt to save a field visit w
2. Observe the behavior. System prompts the user to fill in Error message displayed.
1. Complete a field visit with act
2. Mark multiple actions for the vi
3. Save. Multiple actions are successfully saActions are saved correctly.
1. Complete a field visit with all
2. Check the field visit status in
3. Verify the status is updated. Field visit status (e.g., Complete Status is updated correctly.
1. Reassign a field visit from User
2. Verify if User A receives a not User A receives a notification abouUser receives notification.
1. Reassign a field visit to User B.
2. Verify User B receives a notifi User B receives a notification abouUser B receives notification.
1. Mark a field visit as completed
2. Retry after network restoration
3. Verify field visit details are up System allows retry after network Retry and update work as expected
1. Enter special characters (e.g.,
2. Save and view the details. Field visit description is saved wi Special characters are saved.
1. Generate a field visit report fo
2. Verify the field visit details ar Report generated includes all fieldReport is accurate and permission-
1. Attempt to reassign a field visi
2. Observe system behavior. System displays an error indicatin Error message is displayed.
1. Schedule a field visit for a dat
2. Verify system behavior when tryi System detects the conflict and prConflict is prevented.
1. Create a field visit with a past
2. Generate a report that includes
3. Verify overdue visits are listed. Overdue field visits are displayed Overdue visits are listed correctly.
1. Attempt to delete a field visit th
2. Attempt to delete a field visit
3. Verify system behavior. System only allows deletion of fielDeletion rules are applied correctly
1. Begin a field visit but do not c
2. Save and check the system behSystem tracks incomplete actions aIncomplete actions are tracked.
1. Simultaneously update multiple
2. Observe system behavior. System allows simultaneous updates Updates occur simultaneously.
1. Attach files (e.g., scanned docu
2. Verify files are successfully sa Files are successfully attached andFile attachment works as expected.
1. Attempt to attach a file exceedi
2. Observe system behavior. System displays an error message Error message is displayed.
1. Attempt to schedule a field vis
2. Observe system behavior. System prevents scheduling of fielField visit scheduling is prevented.
1. Perform a field visit action (e.
2. Check the logs to verify action Field visit actions are logged wit Timestamp is accurate.
1. Save a field visit after entering
2. Observe the confirmation messSystem displays a confirmation mess Confirmation message is displayed.
1. Schedule a field visit for a user
2. Verify the field visit time is di System adjusts field visit times ba Time zone is handled correctly.
1. Attempt to schedule a field visi
2. Verify if the system allows sch System allows scheduling field visitScheduling works as expected.

1. Enter an invalid WI number in
2. Click search. System displays an appropriate errError message displayed.
1. Enter a WI number that does no
2. Click search. System indicates that the WI numbe Error message displayed.
1. Attempt to upload a document (
2. Click upload. System shows an error message abo Error message displayed.
1. Attempt to download a document
2. Click download. System shows an error message ind Error message displayed.
1. Enter a disposition code that
2. Click save or submit. System displays an error message Error message displayed.
1. Enter an invalid value or perfor
2. Observe the error message. The error message is clear, user-frError message is user-friendly.
1. Enter special characters in th
2. Click search. System should handle special charSpecial characters handled correctl
1. Leave the WI number field emp
2. Click search. System shows an error message inError message displayed.
1. Enter the maximum allowed leng
2. Click search. System accepts the maximum lengt WI number accepted correctly.
1. Enter a WI number longer than
2. Click search. System displays an error message Error message displayed.
1. Attempt to upload a file exceedi
2. Click upload. System shows an error message indi Error message displayed.
1. Attempt to upload a non-permitt
2. Click upload. System displays an error message Error message displayed.
1. Leave a required field empty in
2. Click submit. System highlights the missing fieldMissing fields are highlighted.
1. Attempt to upload a file with a
2. Click upload. System displays an error message Error message displayed.
1. Attempt to submit a form with
2. Submit the form. System detects the duplicate entriDuplicate entries detected.
1. Upload a document with invalid
2. Click save. System prevents saving and display Document is not saved.
1. Attempt to upload and downlo
2. Observe system behavior. System processes both actions with Actions handled simultaneously.
1. Attempt to log in with incorrec
2. Observe system behavior. System locks the user account or sAccount lockout message displayed
1. Enter data in an incorrect forma
2. Submit the form. System displays an error message Error message is displayed.
1. Attempt to fetch a WI number f
2. Observe system behavior. System handles the error gracefullError message displayed.
1. Leave required fields (e.g., W
2. Click submit. System displays validation messageValidation message displayed.
1. Enter special characters (e.g., <>^&*) in the WI search field.
2. Click search. System either accepts the input o Error message or successful search
1. Attempt to upload a large image
2. Click upload. System displays an error message Error message displayed.
1. Enter an invalid date format (e
2. Submit the form. System displays an error message Error message displayed.
1. Attempt to upload a corrupt fil
2. Click upload. System displays an error message Error message displayed.
1. Disconnect network or simulat
2. Click upload. System shows an error message inError message displayed.
1. Search for a non-existing WI n
2. Click search. System returns a blank result withNo results and message displayed.
1. Enter an invalid phone number f
2. Click submit. System displays an error message Error message displayed.
1. Upload a document without a fi
2. Click upload. System shows an error message indiError message displayed.
1. Attempt to delete a non-exist
2. Click delete. System displays an error message Error message displayed.
1. Attempt to upload multiple do
2. Click upload. System processes all uploads correc
All files processed or error shown
1. Enter an invalid numeric value (
2. Submit the form. System displays an error message Error message displayed.
1. Attempt to upload a .exe file.
2. Click upload. System shows an error message indiError message displayed.
1. Search using a wildcard charac
2. Click search. System should return no results wNo results message displayed.
1. Enter a value in a text field th
2. Submit the form. System displays an error message Error message displayed.
1. Enter only spaces in the WI num
2. Click search. System displays an error message Error message displayed.
1. Attempt to upload a document w
2. Click save/upload. System displays an error message Error message displayed.
1. Enter an existing WI number wh
2. Submit the form. System detects the duplicate and dDuplicate WI number detected.
1. Enter an invalid email address
2. Click submit. System displays an error message Error message displayed.
1. Leave the document upload fie
2. Click upload. System displays an error message Error message displayed.
Change Type Defect Severity

Configuration Update High

Configuration Update High

Code Fix Critical

Code Fix Critical

Policy Update High

Configuration Update Critical

Configuration Update High

Configuration Update Medium

Configuration Update High

Policy Update High

Configuration Update High

Code Fix High

Code Fix Critical

Policy Update High

Configuration Update Medium

Configuration Update High

Configuration Update High

Policy Update High

Configuration Update Critical

Configuration Update Medium

Configuration Update Medium

Code Fix High

Code Fix High

Policy Update Medium

Policy Update High

Code Fix High

Configuration Update Medium

Policy Update High

Code Fix High

Configuration Update Critical

Optimization High

Optimization Critical

Optimization High

Optimization Critical

Configuration Update High

Optimization Medium

Optimization High

Maintenance Update Medium

Maintenance Update Critical

Configuration Update High

Optimization High

Configuration Update High

Configuration Update High

Optimization High

Optimization Critical

Feature Addition High

Validation Update High

Feature Addition Medium

System Update High

Feature Update Medium

Validation Update High

Feature Addition High

Feature Addition Medium

Feature Addition Medium

Validation Update Medium

Load Testing High

Feature Addition Medium

Validation Update Medium

Performance Testing High

Validation Update High

Feature Addition Medium

Feature Update High

Feature Addition Medium

Feature Addition Medium

System Update High

Feature Addition Medium

Permission Update High

Validation Update High

Validation Update Medium

Report Update Medium

Feature Update High

Feature Update Medium

Performance Update High

Feature Addition Medium

Validation Update High

Validation Update High

Feature Addition Medium

Feature Update Low

Feature Update Medium

Feature Update Low

Validation Update High

Feature Update High

Feature Update High

Feature Update High

Validation Update High

Feature Update Medium

Feature Update Medium

Validation Update Medium

Feature Update Low

Validation Update High

Validation Update Medium

Validation Update High

Validation Update Medium

Feature Update High

Validation Update High

Validation Update Medium

Performance Update Medium

Security Update High

Validation Update High

Feature Update High

Validation Update Medium

Validation Update Medium

Validation Update Medium

Validation Update High

Validation Update Medium

Feature Update High

Feature Update High

Feature Update Low

Validation Update Medium

Validation Update High

Feature Update High

Performance Update Medium

Validation Update High

Validation Update High

Feature Update Low

Validation Update High

Validation Update Medium

Feature Update Medium

Validation Update High

Validation Update Medium

Validation Update High