Interview Questions + Scenario Based (Aliza)

* Test-Case, Use-Case, Bug Report *

1. What is a use case, and why is it important in software testing?
A use case is a description of how a user interacts with a system to achieve a specific
goal. It defines the system’s functionality from an end-user perspective, covering different
scenarios (normal, alternative, and error cases).

Importance in Software Testing:

• Helps testers understand system behavior in real-world usage.
• Identifies functional requirements that need to be tested.
• Ensures coverage of user interactions and business requirements.
• Serves as a basis for designing test cases.

2. How does a use case differ from a test case? Provide examples to illustrate the
difference.
Feature Use Case Test Case
Describes system behavior from a Describes specific conditions to validate
Purpose
user’s perspective functionality
Steps, actors, preconditions, Test inputs, expected output, pass/fail
Content
postconditions criteria
Exampl "User logs in using valid "Enter valid credentials → Click Login →
e credentials" Verify access granted"
Example:
• Use Case: "A customer withdraws cash from an ATM."
• Test Case: "Insert a valid card → Enter correct PIN → Request withdrawal of $100
→ Verify the ATM dispenses $100 and updates the balance correctly."

3. Describe the process of deriving test cases from a use case. What key steps are
involved?
1. Identify the Use Case – Understand the user goal and steps involved.
2. Define Preconditions – List the necessary conditions before execution.
3. Extract Scenarios – Consider normal flow, alternative flows, and error conditions.
4. Convert Steps into Test Cases – Write detailed test cases covering each scenario.
5. Define Inputs & Expected Outcomes – Specify test data and expected results.
6. Prioritize Test Cases – Focus on critical functionalities first.
4. What are positive and negative test cases? Provide an example for each.
• Positive Test Case: Tests valid input and expected system behavior.
• Example: Enter a correct username and password → Click "Login" → Verify
successful login.
• Negative Test Case: Tests invalid input or unexpected actions to check system
stability.
• Example: Enter an incorrect password three times → Click "Login" → Verify
system locks the account.

5. How do you ensure complete test coverage when creating test cases from a use
case?
• Identify all possible scenarios (normal, alternative, and error flows).
• Use Equivalence Partitioning & Boundary Value Analysis to test different input
ranges.
• Validate all business rules and system constraints.
• Consider usability, security, and performance aspects.
• Perform requirement traceability analysis to ensure all requirements are tested.

6. What is an edge case in testing? How does it differ from a negative test case?
• Edge Case: Tests extreme conditions that rarely occur but can break the system.
• Example: Entering a 256-character-long password in a field that accepts only
255 characters.
• Negative Test Case: Tests invalid input to verify error handling.
• Example: Entering a password with only spaces and verifying an error
message is displayed.
Key Difference:
Edge cases focus on system limits, while negative test cases focus on invalid user actions.

7. In a real-world project, what challenges might you face when converting use
cases into test cases? How would you address them?
Challenges & Solutions:
• Ambiguous Use Cases → Clarify with business analysts and developers.
• Missing Edge Cases → Conduct thorough risk analysis.
• Changing Requirements → Maintain a flexible test case design.
• Limited Test Data → Create a diverse dataset covering all scenarios.
• Unclear Expected Outcomes → Collaborate with stakeholders to define clear
expectations.
8. What is a bug report, and why is it important in the software testing process?
A bug report is a document that records details about a defect found in a software
application. It helps developers understand, reproduce, and fix the issue effectively.

Importance in Software Testing:

• Provides clear documentation of defects for tracking and resolution.
• Helps in prioritizing issues based on severity and impact.
• Enhances communication between testers, developers, and stakeholders.
• Ensures quality by keeping a structured record of defects and fixes.

9. What key information should be included in a well-written bug report? Provide an

example.
A good bug report should include:
• Bug ID (Unique identifier)
• Title (Short and descriptive issue name)
• Description (Detailed explanation of the issue)
• Steps to Reproduce (Clear step-by-step instructions to recreate the bug)
• Expected vs. Actual Result
• Severity & Priority (Impact on the system)
• Environment Details (OS, Browser, Software version, etc.)
• Attachments (Screenshots, logs, or videos for better understanding)
Example Bug Report:
Bug ID: 1012
Title: Login button becomes unresponsive after incorrect password attempts
Description: When a user enters the wrong password three times, the login button
becomes unresponsive, even after entering the correct password.
Steps to Reproduce:
1. Open the login page.
2. Enter a valid username and an incorrect password.
3. Repeat step 2 three times.
4. Enter the correct password and click "Login."
5. The login button remains disabled.
Expected Result: The login button should remain functional after entering the correct
credentials.
Actual Result: The login button becomes unresponsive.
Severity: High
Priority: Medium
Environment: Windows 11, Chrome v112
Attachments: [Screenshot of the issue]
10. How do you prioritize and categorize bugs in a bug report? Explain with real-
world scenarios.
Bugs are prioritized based on their impact and urgency:

Bug Prioritization:
• High Priority – Critical issues that block core functionality (e.g., users cannot log
in).
• Medium Priority – Issues that affect functionality but have workarounds (e.g., UI
misalignment).
• Low Priority – Minor issues that do not impact functionality (e.g., typos in UI).

Bug Categorization:
• Critical (Showstopper) – System crashes, security breaches.
• Major – Key feature failures (e.g., payment processing fails).
• Minor – UI/UX issues, non-blocking bugs.
• Trivial – Cosmetic issues (e.g., incorrect font size).
Example:
• High Priority, Critical Bug: Application crashes when submitting a form.
• Medium Priority, Major Bug: The "Submit" button works but does not display a
success message.
• Low Priority, Minor Bug: The color of the "Login" button is incorrect.

* Black-box Testing Questions *

11. What is black-box testing, and how does it differ from white-box testing?
Black-box testing is a software testing method where the tester evaluates the
functionality of an application without knowing its internal code or structure. The focus
is on input-output behavior.

Key Differences Between Black-Box and White-Box Testing

Aspect Black-Box Testing White-Box Testing
Knowledge of
Not required Required
Code
Focus Functionality & user behavior Code structure, logic, and flow
Developers or testers with coding
Testers Testers, QA teams
knowledge
Testing a login form with Checking if the login function correctly
Example
different credentials handles input validation
12. What are the different types of black-box testing techniques? Explain with
examples.
Black-box testing techniques help design test cases systematically:
1. Equivalence Partitioning (EP) – Divides input data into valid and invalid partitions.
• Example: If a field accepts values between 1-100, test cases include values
inside (50), below (0), and above (101) this range.
2. Boundary Value Analysis (BVA) – Tests values at the boundaries of valid ranges.
• Example: If a password field accepts 6-12 characters, test using 5, 6, 12, 13
characters.
3. Decision Table Testing – Creates test cases based on business rules and
conditions.
• Example: A banking app allowing loan approval if the salary is >50k and no
outstanding loans.
4. State Transition Testing – Tests system behavior based on state changes.
• Example: An ATM card enters a "locked" state after three incorrect PIN
attempts.
5. Error Guessing – Uses intuition to find common errors based on experience.
• Example: Checking if entering special characters in a numeric field causes a
crash.

13. What is equivalence partitioning, and how is it used in black-box testing?

Equivalence Partitioning (EP) is a technique that divides input data into groups that
should behave similarly, reducing the number of test cases.
Example:
A shopping cart allows customers to buy between 1 and 10 items:
• Valid Partition: 1 to 10
• Invalid Partitions: 0, -1, 11, 100
By testing just one value from each partition, we efficiently validate the functionality.

14. Explain boundary value analysis with an example. Why is it important in black-
box testing?
Boundary Value Analysis (BVA) is a technique that tests values at the edges
(boundaries) of valid input ranges, as defects often occur at limits.
Example:
If an age field accepts values from 18 to 60:
• Test with 17, 18, 60, and 61 instead of random numbers.
Importance:
• Identifies edge-case errors efficiently.
• Ensures system stability at limit conditions.

15. What is decision table testing? How can it help in test case design?
Decision Table Testing is used when multiple conditions affect the outcome. It organizes
test scenarios in a table format for better clarity.
Example: Loan approval system:

Conditio Salary No Existing Loan

n >50K Loan Approved?
Case 1 Yes Yes ✅ Yes
Case 2 Yes No ❌ No
Case 3 No Yes ❌ No
Case 4 No No ❌ No
This technique ensures comprehensive test coverage for complex logic.

16. How do you create test cases for black-box testing when there is no proper
documentation?
• Exploratory Testing: Manually interact with the application to understand
functionality.
• Reverse Engineering: Analyze UI, error messages, and logs to infer behavior.
• Stakeholder Communication: Consult developers or business analysts for
insights.
• Comparative Testing: Compare against similar applications or previous versions.

17. What is exploratory testing? When is it useful in black-box testing?

Exploratory Testing is an unscripted, experience-based approach where testers
interact with the application dynamically to find defects.
Useful When:
• Requirements are unclear or incomplete.
• Time is limited, and test cases can't be written.
• Uncovering usability issues and unexpected behaviors.

18. What are some challenges faced while performing black-box testing?
• Incomplete or ambiguous requirements – Leads to unclear test cases.
• High number of test cases – Makes it hard to test everything manually.
 • Difficult to trace defects to code – Since testers don't see internal logic.
• Automation challenges – Some tests may not be automatable.

19. When you complete an iteration and write bug reports, the development team
fixes the bugs. After the fixes, you retest the application. What type of testing is
this?
• Retesting: If you test only the specific bug fix.
• Regression Testing: If you test the bug fix and also check whether it introduced
new issues in other parts of the system.

20. What is ad-hoc testing? How does it differ from exploratory testing?
• Ad-Hoc Testing is an informal and unstructured testing approach where testers
randomly explore the application without predefined test cases.
• Exploratory Testing is more systematic, where testers learn about the application
and design test scenarios on the fly.
Example:
• Ad-Hoc Testing: Randomly clicking around a web application to find crashes.
• Exploratory Testing: Interacting with different workflows while thinking critically
about possible edge cases.

21. What are some commonly used black-box testing tools?

Some popular tools include:
• Selenium – Web application automation
• Katalon Studio – Functional testing
• Appium – Mobile app testing
• TestComplete – GUI and functional testing
• Postman – API testing
• JMeter – Performance testing

22. How does Selenium help in black-box testing? What are its advantages and
limitations?
Selenium automates web browsers for functional and regression testing.
✅ Advantages:
• Supports multiple browsers and programming languages.
• Open-source and widely used.
• Supports parallel execution with Selenium Grid.
❌ Limitations:
• Cannot test desktop/mobile apps (only web).
• Requires scripting knowledge.

23. What is the difference between manual black-box testing and automated black-
box testing?
Aspect Manual Testing Automated Testing
Speed Slower Faster
Accurac
Prone to human error More accurate
y
Cost Low initial cost High initial setup cost
Usability and exploratory Regression and repetitive
Best for
testing tests

24. What is Memory Testing, and why is it important?

Memory Testing is the process of evaluating how a software application utilizes memory
resources, ensuring that there are no memory leaks, buffer overflows, or inefficient
memory usage. It is important because:
• Prevents memory leaks, which can cause performance degradation.
• Ensures efficient memory allocation, preventing excessive RAM usage.
• Detects buffer overflows, which can lead to security vulnerabilities.

25. How would you detect and fix a memory leak in an application?
To detect a memory leak:
1. Use memory profiling tools like Valgrind, Purify, or AddressSanitizer.
2. Monitor RAM usage over time—if memory usage keeps increasing, there is a leak.
3. Check for unfreed memory allocations in the code (e.g., missing free() in C/C++).
To fix it:
• Ensure all dynamically allocated memory is properly freed.
• Use smart pointers in C++ (unique_ptr, shared_ptr).
• Run garbage collection in languages like Java and Python.

* SDLC and STLC Questions*

26. What is SDLC? Why is it important in software development?
SDLC (Software Development Life Cycle) is a structured process that defines the steps
involved in software development, from planning to deployment and maintenance.
Importance:
• Ensures software meets requirements efficiently.
• Helps in early detection of defects.
• Reduces development risks and costs.
• Ensures software is scalable, secure, and maintainable.

27. What are the different phases of SDLC? Explain each phase briefly.
SDLC consists of six major phases:
1. Requirement Gathering & Analysis – Business needs are collected and analyzed.
2. Planning – Project scope, cost estimation, and timelines are defined.
3. Design – System architecture and UI/UX designs are created.
4. Development – Coding and software implementation happen here.
5. Testing – Software is tested to detect and fix bugs.
6. Deployment & Maintenance – The software is released, and updates are made as
needed.

28. Compare different SDLC models (Waterfall, Agile, V-Model). When should each
model be used?
Model Description When to Use?
Sequential model, each phase must be When requirements are fixed and
Waterfall
completed before the next starts. well-defined.
Iterative approach, work is done in small When requirements change
Agile
cycles (sprints). frequently.
Verification and validation happen
V-Model When early testing is critical.
simultaneously.
Continuous integration, development, and When rapid deployment and
DevOps
delivery. automation are required.

29. What are the advantages and disadvantages of the Waterfall model?
✅ Advantages:
• Simple to manage.
• Suitable for well-defined projects.
• Documentation is clear.
❌ Disadvantages:
• Not flexible (no changes allowed after the initial phase).
• Testing is done late, increasing defect-fixing costs.
• Poor adaptability for complex projects.
30. What is the difference between Agile and Scrum in SDLC?
• Agile is a software development methodology that promotes iterative and
incremental progress.
• Scrum is a specific framework within Agile that uses sprints (2-4 weeks) and
Scrum Masters to manage tasks.

31. What is the V-Model in SDLC? How does it differ from the Waterfall model?
• The V-Model (Validation & Verification) integrates testing in each phase of SDLC,
unlike Waterfall, where testing happens only at the end.
• Helps in early bug detection.

32. What is the difference between functional and non-functional requirements in

SDLC?
Type Description Example
Describes what the system should Login functionality, Payment
Functional
do. processing.
Non- Describes system performance and
Speed, Security, Scalability.
Functional quality.

33. What is risk analysis in SDLC? How do you handle risks in software
development?
Risk Analysis involves identifying potential risks (cost, security, project delays) and
creating mitigation plans.
📌 Steps to handle risks:
1. Identify risks.
2. Analyze their impact.
3. Prioritize risks.
4. Develop mitigation strategies.
5. Monitor risks throughout SDLC.

34. What is STLC? How does it fit within SDLC?

STLC (Software Testing Life Cycle) defines testing phases to ensure software quality
before release.
💡 Relation to SDLC: STLC is a subset of SDLC that focuses on testing and validation.

35. What are the different phases of STLC? Explain each phase.
1. Requirement Analysis – Understand what needs to be tested.
2. Test Planning – Define strategy, scope, and resources.
3. Test Case Development – Write test cases and prepare test data.
 4. Test Environment Setup – Set up hardware, software, and network for testing.
5. Test Execution – Run test cases, report bugs.
6. Test Closure – Summarize results, lessons learned.

36. What is the difference between Verification and Validation in STLC?

Process Definition Example
Verificatio Checking if requirements are met Reviewing design
n correctly. documents.
Checking if the software works as
Validation Executing test cases.
expected.

37. What happens in the Test Planning phase of STLC? Why is it important?
In Test Planning, a strategy is created for testing.
✅ Importance:
• Defines testing scope, schedule, and team roles.
• Helps in resource allocation.
• Identifies risks early.

38. What is a Test Case? How do you write a good test case?
A test case is a set of conditions and steps used to test a feature.
✅ Good test case example:
📌 Scenario: Test login functionality
• Steps: Enter username & password → Click Login
• Expected Result: Successful login

39. What is Test Execution in STLC? What are the possible outcomes of this phase?
Test Execution is the phase where testers run test cases.
✅ Possible outcomes:
• Pass: Functionality works.
• Fail: Defect detected.
• Blocked: Cannot proceed due to dependency.

40. What is Defect Life Cycle (Bug Life Cycle) in STLC? Explain different stages.
Bug Life Cycle:
 1. New → Reported bug.
2. Assigned → Sent to developer.
3. In Progress → Developer fixes it.
4. Fixed → Bug resolved.
5. Retest → Tester verifies the fix.
6. Closed → Bug is resolved permanently.

41. What is Regression Testing? When should it be performed in STLC?

Regression Testing ensures new changes don’t break existing features.
✅ Performed when:
• A new feature is added.
• A bug is fixed.
• System upgrades are made.

42. How do you measure the effectiveness of testing? What are common test
metrics?
Test Metrics:
• Test Coverage (%) – Measures how much code is tested.
• Defect Density – Bugs per module.
• Test Execution Rate – % of test cases executed.

43. What is Test Closure in STLC? What activities are performed in this phase?
Test Closure is the final phase of STLC where testing results are documented.
✅ Activities:
• Create Test Summary Report.
• Document lessons learned.
• Conduct post-mortem meetings

* White-box Testing Questions *

44. What are the key techniques used in White Box Testing? Explain each briefly.
✅ Common techniques include:
1. Statement Coverage – Ensures each line of code is executed at least once.
2. Branch Coverage – Ensures all conditional branches (if-else, loops) are tested.
3. Path Coverage – Tests all possible execution paths in the program.
4. Loop Testing – Verifies correctness of loops (for, while, do-while).
5. Mutation Testing – Introduces small code changes (mutants) to test effectiveness.
45. Why is White Box Testing important in complex systems like those used in the
Air Force?
💡 Importance in critical systems:
• Ensures reliability & security (especially for mission-critical software).
• Detects hidden bugs in complex algorithms.
• Prevents performance bottlenecks by optimizing code.
• Improves software robustness by testing edge cases.

4️6. What are the main challenges of White Box Testing?

❌ Common challenges include:
• Requires deep coding knowledge (testers must understand programming).
• Time-consuming (since every possible path must be tested).
• Difficult to achieve full test coverage (especially in large applications).
• Automated testing tools are complex (compared to black box testing tools).

47. How do you select test cases for White Box Testing?
✅ Test cases are selected based on:
• Code Complexity: Prioritize critical and high-risk modules.
• Control Flow & Data Flow Analysis: Ensure paths with loops and conditions are
tested.
• Security & Edge Cases: Test for vulnerabilities and rare conditions.
• Performance Optimization: Identify inefficient code sections.

48. What is White Box Testing? How does it differ from Gray Box Testing?
• White Box Testing: The tester has complete knowledge of the internal code and
logic.
• Gray Box Testing: The tester has partial knowledge of the internal code while
testing functional behavior.

49. What are the different levels of White Box Testing?

✅ White Box Testing is performed at three levels:
1. Unit Testing – Tests individual functions/methods in isolation.
2. Integration Testing – Tests interactions between modules.
3. System Testing – Tests the entire system’s internal structure.
50. What is Code Coverage? What are its types?
Code Coverage measures how much of the source code is executed during testing.
✅ Types of Code Coverage:
• Statement Coverage – Ensures every line of code executes at least once.
• Branch Coverage – Ensures all possible branches (if-else) execute.
• Path Coverage – Ensures all possible execution paths are tested.
• Condition Coverage – Tests every Boolean condition for true and false outcomes.
• Function Coverage – Tests all functions/methods in a program.

51. Why is White Box Testing critical for security testing?

• Identifies vulnerabilities like SQL injection and buffer overflow.
• Ensures secure coding practices are followed.
• Detects logic flaws that may cause unauthorized access.

52. What is Static Code Analysis? How does it help in White Box Testing?
• Static Code Analysis examines source code without executing it to detect errors,
vulnerabilities, and coding standard violations.
• Helps in:
• Detecting syntax errors, unused variables, and memory leaks.
• Ensuring compliance with coding standards (e.g., MISRA, OWASP).

53. What are some common risks in White Box Testing?

❌ Risks include:
• Tester bias (since testers know the code, they may overlook certain errors).
• Complexity of testing (difficult to achieve full coverage in large systems).
• Time-consuming (requires detailed code analysis).
--------------------------------------------------------------------------------------------------------------------

* Scenario Based Questions *

11 Use Case & Test Case Scenario
1️⃣

Question:
You are given a pen and asked to write a Use Case for it.
• Write a Use Case for a ballpoint pen.
 • Based on your Use Case, create at least two test cases (one positive and one
negative).

✅ Answer:

Use Case: Writing with a Ballpoint Pen

Actors: Student, Pen
Precondition: Pen has ink, and the user can hold the pen properly.
Basic Flow:
1. The user picks up the pen.
2. The user removes the cap (if applicable).
3. The user applies the pen’s tip to the paper.
4. The user writes on the paper.
5. The ink flows smoothly, leaving a visible mark.

Test Cases Based on Use Case:

Test Case Positive/
Test Case Description Expected Result
ID Negative
Write a sentence with the pen on The pen writes smoothly
TC001 ✅ Positive
a notebook without skipping
Write with the pen after
TC002 The pen should not write ❌ Negative
completely draining the ink

22 Bug Report Scenario

2️⃣
Question:
Your team has completed an iteration of software testing. You find a critical bug in a
payment processing module, where transactions fail when processing amounts over
$1,000.
• How would you document this bug in a bug report?
• What key details should you include in your bug report?
• How would you prioritize this bug?

✅ Answer:

Bug Report Example:

Bug ID: PAY-001
Title: Payment processing fails for transactions over $1,000
Severity: High
Priority: Critical
Environment: Windows 10, Chrome 119, Payment Gateway API v2.1
Steps to Reproduce:
1. Log in to the application.
 2. Navigate to the Payments section.
3. Enter an amount of $1,200 and submit the payment.
4. Observe that the transaction fails with an error.
Expected Result:
The transaction should process successfully for any valid amount within limits.
Actual Result:
The system displays an "Invalid Amount" error for transactions over $1,000.
Bug Status: Open
Assigned To: Developer Team

3️⃣Black Box Testing Scenario

Question:
Your team is testing an ATM system where a user enters a PIN to withdraw cash. During
testing, you notice that incorrect PIN attempts do not lock the account after three
tries.
• What type of Black Box Testing technique will you apply here? (Explain why).
• Write two test cases to check this issue (one positive, one negative).
• What kind of testing tools can help automate this validation?

✅ Answer:

Black Box Testing Technique Used:

✅ Boundary Value Analysis (BVA) – Test edge conditions where the system should lock
the account.
✅ Equivalence Partitioning – Categorize valid and invalid PINs to test.

Test Cases for the Issue:

Test Case Positive/
Test Case Description Expected Result
ID Negative
Enter correct PIN on first
TC003 Transaction successful ✅ Positive
attempt
Account should be
TC004 Enter incorrect PIN 3 times ❌ Negative
locked

Black Box Testing Tools for ATM Systems:

• Selenium (for UI automation)
• TestComplete (for functional testing)
• QTP/UFT (for automated test execution)
4️⃣White Box Testing Scenario
Question:
You are reviewing the source code of a login system. The code uses an if-else condition
to check if the username and password are correct. However, there are multiple nested
conditions inside.
• What White Box Testing techniques would you apply to ensure full coverage?
• How would you use code coverage tools (such as JaCoCo or BullseyeCoverage)
in this case?
• If you had to write unit tests for this, what would be your approach?

✅ Answer:

White Box Testing Techniques Applied:

✅ Branch Coverage: Ensure all "if-else" conditions are tested.
✅ Path Coverage: Validate all execution paths.
✅ Loop Testing: If there are loops for login attempts, test their behavior.

How to Use Code Coverage Tools (e.g., JaCoCo)?

• Run unit tests and generate a coverage report.
• Check if any branches or conditions are missed.
• Improve test cases to achieve 100% coverage.

Unit Test Approach:

✅ Test valid login credentials.
✅ Test invalid username/password.
✅ Test account lockout after multiple failures.

2️⃣Scenario: Bug Retesting and Regression Testing

Question:
Your team reported a bug in an inventory management system where item stock is not
updating correctly. The development team fixed the bug, and now it's ready for testing.
• What steps will you take to verify if the bug is actually fixed?
• What type of testing should be performed after verifying the fix?
• If the fix introduced another issue (e.g., incorrect stock deductions), how should you
handle it?
✅ Answer:

Steps to Verify Bug Fix:

11️⃣Reproduce the original bug in the previous version.
2️⃣Test the fixed version by updating item stock and verifying changes.
3️⃣Check edge cases (e.g., simultaneous stock updates).

Testing Types Applied:

✅ Retesting – Check if the fix correctly resolves the issue.
✅ Regression Testing – Ensure the fix doesn’t break other features.

Handling New Issues:

• If a new bug appears, log it as a separate defect.
• If the fix is faulty, reopen the original bug and assign it back to the development
team.

3️⃣Scenario: Security Testing in Web Applications

Question:
You are testing a banking web application that allows users to change their
passwords.
• Write two test cases to verify security vulnerabilities in this feature.
• What type of white-box testing techniques can be used to check the security of the
system?
• How would you prevent SQL injection attacks in the password change module?

✅ Answer:
Test Positive/
Description Expected Result
Case ID Negative
Attempt to change password without System should prevent
TC004 ❌ Negative
entering the current password password change
Enter a new password with SQL System should reject
TC005 ❌ Negative
injection (e.g., 123' OR '1'='1) the input

White-Box Testing Techniques Applied:

✅ Code Review – Check for vulnerabilities in the authentication code.
✅ Static Analysis – Use tools like SonarQube to find security flaws.
✅ Fuzz Testing – Input random data to test for vulnerabilities.

Preventing SQL Injection:

✅ Use parameterized queries instead of string concatenation.
✅ Validate user input to allow only strong passwords.
✅ Encrypt passwords using bcrypt or PBKDF2.