Experiment No .

Student Name: KUNDAN KUMAR UID: 23MCA20390

Branch: UIC
Section/Group: Date of Performance:31/01/2024
Subject Name: Software Testing Subject Code: 23-CAH-553

Aim/Overview of the practical:

Creating a test plan for flipkart

1.Introduction

Flipkart Private Limited is an Indian e-commerce company, headquartered in Bangalore, and

incorporated in Singapore as a private limited company. The company initially focused on
online book sales before expanding into other product categories such as consumer
electronics, fashion, home essentials, groceries, and lifestyle products.Flipkart was founded in
October 2007 in Bangalore by Sachin Bansal and Binny Bansal,

Purpose of the test plan

Function validation :- Ensure that all features on the website work as intended. This includes
critical functions like user registration, product search, shopping cart, and checkout.

Performance and Compatability Testing: :-Assess the website's performance under various
conditions, including heavy user loads. Verify that the website works seamlessly across
different browsers, devices, and operating systems

Usability and Responsive: :-Evaluate the user interface and experience to ensure it is intuitive
and easy to navigate. Usability testing helps identify any design issues that might affect user
satisfaction. Confirm that the website is optimized for mobile devices. With increasing use of
smart phone and tablet on various screen sizes.

Security and Authentication::- Identify and address potential vulnerabilities that could
compromise user data or the integrity of the platform. Confirm that user authentication (login)
and authorization (access to specific features) processes are secure and functional.

2. Objectives
a.) The main objectives of testing flipkart are to ensure the reliable functionality, security, and
positive user experience of the platform.

b.) This includes validating features, assessing performance, confirming security measures, and
ensuring compatibility across various devices and environments.

c.) Testing aims to identify and address potential issues before they impact users, maintaining
the overall quality and trustworthiness of the online marketplace.

4. Features to be tested:

a) User Registration: Verify secure account creation.

b) User Login: Authenticate user credentials securely.

c) Product Search: Validate accurate and relevant search results.

d) Product Detail Pages: Confirm correct display of product details.

e) Shopping Cart: Test functionality of adding, removing, and modifying items.

f) Checkout Process: Ensure smooth and secure checkout and payment.

g) Order Processing: Validate accurate order processing and confirmations.

h) Account Management: Verify user ability to update account information.

i) Customer Support Features: Test FAQs, contact forms, and help resources.

j) Security Features: Validate measures to protect user data and transactions.

k) Mobile Responsiveness: Ensure functionality on various devices.

l) International Transactions: Test features for global transactions and currency conversions.

(5.) Testing Approach:

 a) Comprehensive Testing Levels: Implement thorough testing at multiple levels, including unit
testing for individual components, integration testing for component interactions, and system
testing for overall functionality

b) Diverse Testing Types: Employ various testing types such as functional testing to validate
features, performance testing to ensure scalability, and security testing to identify and address
vulnerabilities.

c) Automation and Continuous Testing: Utilize automated testing for efficiency, particularly in
regression testing, and implement continuous testing practices throughout the development
life cycle to detect and resolve issues early

6. Security testing

1. Data Encryption:
 Ensure that all sensitive data, including user credentials and financial information, is
transmitted securely over HTTPS.
2. Authentication and Authorization:
 Verify the effectiveness of the login and authentication mechanisms.
 Ensure that only authorized users have access to specific functionalities and data.
3. Payment Security:
 Assess the security of payment gateways to ensure the confidentiality and integrity of
financial transactions.
 Verify compliance with Payment Card Industry Data Security Standard (PCI DSS)
requirements.
4. Session Management:
 Test for secure session handling mechanisms to prevent session-related vulnerabilities,
such as session hijacking or fixation.
5. Input Validation:
 Validate user inputs to prevent common web vulnerabilities like SQL injection, cross-site
scripting (XSS), and cross-site request forgery (CSRF).
6. Security Headers:
 Check for the presence and proper configuration of security headers such as Content
Security Policy (CSP), Strict-Transport-Security (HSTS), and X-Content-Type-Options.
7. File Upload Security:
 If the website allows file uploads, ensure that there are proper restrictions in place to
prevent malicious file uploads.
8. API Security:
 Assess the security of any APIs used by the website, ensuring proper authentication,
authorization, and data protection.
9. Security Patching:
 Regularly update and patch all software and frameworks to address known
vulnerabilities.
10.Security Monitoring:
 Implement monitoring mechanisms to detect and respond to security incidents in real-
time.
11.Mobile Security (if applicable):
 If there's a mobile application associated with the website, conduct security testing for
mobile-specific vulnerabilities.
12.Third-Party Integrations:
 Verify the security of third-party components and integrations, such as plugins and
libraries, to prevent vulnerabilities introduced by external dependencies.
13.Privacy and Data Protection Compliance:
Ensure compliance with relevant data protection and privacy regulations, such as GDPR or
applicable local laws.
14.Social Engineering Awareness:
 Test for susceptibility to social engineering attacks, both online and offline.

7. Test Deliverables

 Test plan for E-commerce platform

 Test cases
 Test data
 Test execution
 Test execution report and defect report
 Performance test result
 Security test result

8. Test environment

 Servers: Set up dedicated servers to host the testing environment. These servers should
mimic the production environment as closely as possible.
 Database: Deploy a database server to store test data. Use a database management
system (DBMS) such as MySQL or PostgreSQL.
 Networking: Ensure proper network configuration to simulate real-world conditions,
including internet connectivity, latency, and bandwidth constraints.
9 Test data:

 Synthetic Data: Generate synthetic data to simulate various scenarios, such as different
product categories, user profiles, and transaction histories.
 Sample Data: Use real or sample data from the production environment for more
realistic testing scenarios.

10. Test Cases

a) Objectives

b) Preconditions

c) Test steps

d) Expected Results

e) Postconditions

(9.) Test Execution Schedule:

1. Testing Phases:

Unit Testing:

 Schedule: [01/01/2024] to [04/01/2024]

 Responsible Team

Integration Testing:

 Schedule: [04/01/2024] to [06/01/2024]

 Responsible Team: Testing Team

System Testing:

 Schedule: [06/01/2024] to [08/01/2024]

 Responsible Team: System Testing Team
 Functional Testing:

 Schedule: [08/01/2024] to [10/01/2024]

 Responsible Team: Functional Testing Team

Performance Testing:

 Schedule: [10/01/2024] to [12/01/2024]

 Testing Focus.
 Responsible Team: Performance Testing Team

Security Testing:

 Schedule: [12/01/2024] to [14/01/2024]

 Responsible Team: Security Testing Team

Regression Testing:

 Schedule: Ongoing after each code change

 Responsible Team

11. defact management

1. Defect Identification:
 Testers identify defects by executing test cases and observing discrepancies between
expected and actual results.
 Defects can include functional issues, usability problems, performance bottlenecks,
security vulnerabilities, and other discrepancies.
2. Defect Documentation:
 Testers document each identified defect in a defect tracking tool or system. Commonly
used tools include JIRA, Bugzilla, or Trello.
 Each defect report typically includes information such as:
 Description of the defect
 Steps to reproduce
 Severity/priority level
 Environment details
 Attachments (screenshots, log files, etc.)
 Assigned tester/developer
 Status (e.g., open, in progress, resolved)
3. Defect Prioritization:
  Defects are prioritized based on their severity and impact on the application.
 Priority levels may include:
 High: Critical defects that severely impact functionality or security.
 Medium: Defects that have a moderate impact on functionality.
 Low: Minor defects or cosmetic issues with minimal impact.
 Priority levels help stakeholders focus on addressing critical issues first.
4. Defect Assignment:
 Once prioritized, defects are assigned to appropriate team members for resolution.
 Defects may be assigned to developers for code fixes, designers for UI/UX issues, or
other relevant team members.
 Clear assignment ensures accountability and timely resolution of defects.
5. Defect Tracking and Monitoring:
 Defects are tracked throughout the defect lifecycle using the defect tracking tool.
 Testers, developers, and other stakeholders regularly monitor the status of defects.
 Updates, comments, and discussions related to defects are documented within the
defect tracking tool for transparency and collaboration.
6. Defect Resolution:
 Developers investigate assigned defects, analyze root causes, and implement fixes.
 Testers verify fixed defects through retesting to ensure that the issue has been resolved
satisfactorily.
 If the fix is verified, the defect status is updated to "resolved" or "closed."
7. Defect Closure:
 Once a defect is resolved and verified, it is marked as "closed" in the defect tracking
tool.
 Closure includes documentation of the resolution details and any additional information
related to the defect.
8. Defect Analysis and Reporting:
 Periodic analysis of defect data helps identify trends, patterns, and areas for
improvement in the development process.
 Defect reports provide stakeholders with insights into the quality of the software and
progress in defect resolution efforts.

12. Risks and

Mitigations Identify potential risks and provide mitigation strategies.
13. Resources Personnel and tools required for testing.
Identify dependencies on external factors such as third-party
14. Dependencies APIs, services, etc.
15. Exit Criteria Define the conditions that must be met for the testing phase to
 be considered complete.
16. Suspension Criteria Conditions under which testing may be temporarily suspended.
17. Test Summary
Report Outline of the key findings, testing activities, and outcomes.
18. Approvals Sign-off section for stakeholders to approve the test plan.