Checklist for backend
Severity
- Mandatory fields are indicated by an asterisk (*)
- Check that validation error messages are displayed properly and at the correct positions
- Tooltip text should be meaningful
- Dropdown fields should have first entry as blank or text like ‘Select’
- All numeric values should be formatted properly
- Check the text on all pages for spelling and grammatical errors
- Check the functionality of the buttons available on all pages
Priority
- Ensure that the delete function for any record on a page asks for confirmation
- Input fields should be checked against their maximum length. Input values longer than the specified maximum must not be accepted or stored in the database
- Check that downloadable files point to the correct file paths
- Check that application crashes and unavailable pages are redirected to the error page
- Check numeric input fields with character input; a proper validation message should appear
- Verify that the user cannot submit a page twice by pressing the submit button in quick succession
- Input data with a blank first or last position (leading or trailing whitespace) should be handled correctly
- In date fields, check the case where the start date is later than the end date
- Deleted data should no longer appear when the page URL is requested again
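The backend items above are server-side checks, and a tester needs the server to actually enforce them rather than relying on the browser. The following Python is an added example (not code from the page) of what that enforcement looks like for a hypothetical "booking" form: the field names, limits and the in-memory token store are assumptions, since the checklist gives no schema. It strips leading and trailing blanks, enforces required fields and maximum lengths, rejects characters in a numeric field, rejects a start date later than the end date, and uses a one-time form token so a double-click on submit cannot store the record twice.

```python
import secrets
from datetime import date

# Constructed field rules for a hypothetical "booking" form; the page gives no
# schema, so the field names and limits here are assumptions.
REQUIRED = ("name", "quantity", "start_date", "end_date")
MAX_LENGTHS = {"name": 50, "notes": 200}


def validate_record(form: dict) -> dict:
    """Return {field: error message}; an empty dict means the record is acceptable.

    Mirrors the backend checklist: leading/trailing blanks are stripped first,
    then required fields, maximum lengths, numeric fields given characters and
    start/end date ordering are checked.
    """
    cleaned = {k: v.strip() for k, v in form.items()}
    errors = {}

    for name in REQUIRED:
        if not cleaned.get(name):
            errors[name] = "This field is required"

    for name, limit in MAX_LENGTHS.items():
        if len(cleaned.get(name, "")) > limit:
            errors[name] = f"Must be at most {limit} characters"

    quantity = cleaned.get("quantity", "")
    if quantity and not quantity.isdigit():
        errors["quantity"] = "Must be a whole number"

    start_raw, end_raw = cleaned.get("start_date", ""), cleaned.get("end_date", "")
    if start_raw and end_raw:
        try:
            if date.fromisoformat(start_raw) > date.fromisoformat(end_raw):
                errors["end_date"] = "End date must not be before start date"
        except ValueError:
            errors["start_date"] = "Dates must be YYYY-MM-DD"
    return errors


class SubmissionGuard:
    """One-time form tokens against double submission: the server issues a
    token together with the form and accepts each token exactly once."""

    def __init__(self) -> None:
        self._issued: set[str] = set()

    def issue(self) -> str:
        token = secrets.token_urlsafe(16)
        self._issued.add(token)
        return token

    def consume(self, token: str) -> bool:
        if token in self._issued:
            self._issued.remove(token)
            return True
        return False


def handle_submit(guard: SubmissionGuard, token: str, form: dict, store: list) -> str:
    """Server-side handling of one POST: reject replayed tokens and invalid data
    before anything reaches the store (a list standing in for the database)."""
    if not guard.consume(token):
        return "rejected: duplicate or unknown submission token"
    errors = validate_record(form)
    if errors:
        return "rejected: " + "; ".join(f"{k}: {v}" for k, v in errors.items())
    store.append({k: v.strip() for k, v in form.items()})
    return "stored"


if __name__ == "__main__":
    guard, store = SubmissionGuard(), []
    token = guard.issue()
    form = {"name": " Ada ", "quantity": "2", "start_date": "2024-05-01", "end_date": "2024-05-02"}
    print(handle_submit(guard, token, form, store))   # first click is stored
    print(handle_submit(guard, token, form, store))   # second click is rejected
    print(validate_record({"name": "", "quantity": "3x",
                           "start_date": "2024-05-05", "end_date": "2024-05-03"}))
```

When walking the checklist, send each of these cases with the browser-side validation disabled (or directly with an HTTP client) and confirm the server answers with the rejection, not only the page's JavaScript.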
Checklist for frontend
Search Engine Optimization
- Ensure your website is responsive and provides a good user experience on mobile devices.
- Optimize images, use browser caching, and minimize server response time to improve loading speed.
- Secure your website with HTTPS to enhance user trust and gain a ranking boost from search engines.
- Create and submit an XML sitemap to search engines to help them crawl and index your pages.
- Use a robots.txt file to guide search engines on which pages to crawl and which to exclude.
- Set canonical URLs to prevent duplicate content issues and guide search engines to the preferred version of a page.
- Optimize meta titles and descriptions for each page with relevant keywords and a compelling call to action.
- Use header tags to structure your content and signal its hierarchy to search engines.
- Provide descriptive alt text for images to make them accessible to users and search engines.
Performance Testing
- Google PageSpeed Insights
- Test your mobile speed with Google
- WebPageTest - Website Performance and Optimization Test
- GTmetrix - Website speed and performance optimization
Optimization
- Optimize images to ensure they look flawless on desktop and mobile
- Minify CSS, JS and HTML
Cross-Site Scripting
- Start by manually inspecting the website's input fields, URLs, and areas where user-generated content is displayed. Look for places where unvalidated or unsanitized data is used. Try injecting simple scripts to see whether they are executed.
- Test all input fields (text boxes, text areas, etc.) with various payloads, including:
<script>alert("XSS");</script>
<img src=x onerror=alert("XSS")>
- Manipulate URL parameters to see how the application handles them. For example:
https://example.com/page?parameter=<script>alert("XSS");</script>
- Test how the application handles different HTTP methods (GET, POST, etc.) with payloads in request parameters and bodies.
- Explore how the website handles cookies. Test if you can manipulate cookies and if they are properly secured.
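What the checklist is really testing is whether every place that reflects user input encodes it for the context it lands in. The Python below is an added example (not code from the page) that puts the unsafe pattern beside the hardened one and adds a small test oracle for the manual "inject and observe" step: it uses the two probe strings listed above as constructed sample input, and the `render_comment` markup and `/profile` URL are invented for illustration.

```python
import html
import json
from urllib.parse import quote

# Constructed sample input: the two probe strings the checklist suggests. Any
# reflected value must come back encoded for the HTML context it lands in.
PROBES = ('<script>alert("XSS");</script>', '<img src=x onerror=alert("XSS")>')


def render_comment_unsafe(author: str, body: str) -> str:
    """The pattern the checklist is hunting for: untrusted values concatenated
    straight into markup, so the browser executes whatever they contain."""
    return f'<a href="/profile?user={author}">{author}</a>: <p>{body}</p>'


def render_comment(author: str, body: str) -> str:
    """Hardened version: each value is encoded for its own context.

    - URL query component: percent-encoding
    - HTML attribute value: html.escape with quote=True
    - HTML text node: html.escape
    - Data handed to script: JSON in a data attribute, read by the page's own
      JavaScript, never spliced into a <script> block
    """
    return (
        f'<a href="/profile?user={quote(author, safe="")}" '
        f'title="{html.escape(author, quote=True)}" '
        f'data-meta="{html.escape(json.dumps({"author": author}), quote=True)}">'
        f"{html.escape(author)}</a>: <p>{html.escape(body)}</p>"
    )


def reflects_unescaped(page: str, probe: str) -> bool:
    """Test oracle for the manual step 'inject and see whether it executes':
    True when the probe came back byte-for-byte, i.e. without any encoding."""
    return probe in page


if __name__ == "__main__":
    for probe in PROBES:
        print("unsafe reflects probe:", reflects_unescaped(render_comment_unsafe("eve", probe), probe))
        print("safe reflects probe:  ", reflects_unescaped(render_comment("eve", probe), probe))
    print(render_comment("<b>eve</b>", PROBES[0]))
```

The same oracle applies to the URL-parameter and cookie items: request the page with the probe in the parameter or cookie, capture the response body, and fail the check if `reflects_unescaped` returns True. Encoding is context-specific, so a value that is safe as a text node is not automatically safe inside an attribute, a URL or a script block.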
SQL Injection
- Locate forms, search boxes, and any input fields that send data to the server.
- Look for URL parameters that are used in database queries.
- Enter a single quote (') into input fields or URL parameters and observe the response.
- If an error message or unexpected behaviour occurs, it may indicate a potential vulnerability.
- Enter SQL keywords like SELECT, UNION, AND, OR, and others into input fields.
- Observe if the application responds in a way that suggests it's interpreting your input as SQL code.
- Test both numeric and non-numeric inputs to see if the application handles them differently.
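The single-quote probe above works because string-built queries let the quote change the statement's structure; a parameterised query keeps the input as data, so the same probe produces neither an error nor a changed result. The Python below is an added example (not code from the page) that runs the probe against both styles on an in-memory SQLite table with constructed rows; the `users` table and its contents are invented for the demonstration. It also shows the numeric-versus-non-numeric point: an id field is validated as a whole number before any query is built.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a small users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("O'Brien", "obrien@example.com")],
    )
    conn.commit()
    return conn


def vulnerable_search(conn: sqlite3.Connection, name: str) -> list:
    """The pattern the checklist probes for: the value is spliced into the SQL
    text, so a quote in the input changes the statement's structure."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def safe_search(conn: sqlite3.Connection, name: str) -> list:
    """Hardened version: the value travels as a bound parameter and is only
    ever compared as data, quotes and SQL keywords included."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def safe_search_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    """Numeric field: validate the type before building any query, then bind it."""
    if not raw_id.isdigit():
        raise ValueError("id must be a whole number")
    return conn.execute("SELECT name, email FROM users WHERE id = ?", (int(raw_id),)).fetchall()


def probe_single_quote(conn: sqlite3.Connection) -> dict:
    """Run the checklist's single-quote probe against both implementations and
    report what a tester would observe for each."""
    results = {}
    try:
        vulnerable_search(conn, "'")
        results["vulnerable"] = "no error"
    except sqlite3.Error as exc:
        results["vulnerable"] = f"database error: {exc}"
    results["safe"] = "no error" if safe_search(conn, "'") == [] else "unexpected rows"
    return results


if __name__ == "__main__":
    db = build_db()
    print(probe_single_quote(db))
    print(safe_search(db, "O'Brien"))      # legitimate quote in data is fine
    print(safe_search(db, "SELECT"))       # keyword is just a string to compare
    print(safe_search_by_id(db, "1"))
```

A legitimate name such as O'Brien makes the point from the defender's side: the string-built query fails on ordinary data, while the parameterised one returns the row. When testing, an error message that leaks the SQL text is a finding on its own; the fix is binding parameters everywhere user data reaches a query, with generic error pages so the database never talks to the user.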