| 233 | FEA035 | Verify HTTPS is Enabled Across All Login-Related Pages | 0.1 | - Login page uses HTTPS. - Any HTTP request is redirected to HTTPS. - No mixed content warnings are displayed in the browser. |
| 234 | FEA035 | Verify User Can Log In with Valid Credentials and Establish Secure Session | 0.1 | - User logs in successfully. - Session is established securely (cookie flags present). - User is redirected to the homepage, and “Sign Out” is displayed in the header. |
| 235 | FEA035 | Verify Login Form Rejects Invalid Credentials with Appropriate Error Messages | 0.1 | - Login fails. - An error message such as “Authentication failed” is displayed. - The error message does not reveal which field was incorrect (to prevent enumeration attacks). |
| 236 | FEA035 | Verify Sensitive User Data Is Not Transmitted or Stored in Plain Text | 0.1 | - No sensitive data (passwords, session tokens) are transmitted or stored in plaintext. - All communication is encrypted. |
| 256 | FEA035 | Verify secure Admin login with valid credentials | 0.1 | - Admin user logs in successfully. - Session is established securely (cookie flags present). - User is redirected to the dashboard. |
| 257 | FEA035 | Verify Admin Login Form Rejects Invalid Credentials with Appropriate Error Messages | 0.1 | - Login fails. - An error message such as “Authentication failed” is displayed. - The error message does not reveal which field was incorrect (to prevent enumeration attacks). |
| 242 | FEA015 | Verify PrestaScan Security is Successfully Integrated and Scans Periodically | 0.1 | - Scan history shows timestamps indicating scans are functioning. - Can trigger a manual scan. |
| 243 | FEA015 | Verify Known Vulnerabilities are Detected and Listed in Report | 0.1 | - A report is generated listing: Known vulnerabilities detected. - Each item includes severity (Low, Medium, High) and location. |
| 245 | FEA015 | Verify Guidance or Recommendations are Provided for Detected Issues | 0.1 | - Each detected issue includes: A description of the issue. Impact and severity. Recommendations or documentation links for remediation. |
| 251 | FEA016 | Verify Security Modules Can Be Installed and Activated | 0.1 | - Both Simple Security and eiCAPTCHA are installed and active. - No conflicts or errors occur on the frontend while browsing. |
| 252 | FEA016 | Verify Security Modules Can Be Configured and Protect | 0.1 | - Simple Security configuration is saved and active. - eiCAPTCHA is active, and reCAPTCHA is displayed on login/register forms. |
| 253 | FEA016 | Verify Brute-Force Blocking by Simple Security | 0.1 | - The system blocks login attempts (8) and displays a lockout message. - Admin backoffice logs record the brute-force attempt. |
| 254 | FEA016 | Verify reCAPTCHA Enforcement by eiCAPTCHA | 0.3 | - reCAPTCHA is displayed consistently on register forms. - Form submissions fail when reCAPTCHA is not solved. - Form submissions succeed when reCAPTCHA is correctly solved. - No conflicts with other modules (e.g., forms still submit properly with reCAPTCHA enabled). |
| 255 | FEA016 | Verify Logging/Blocking of SQL Injection Attempts by Simple Security | 0.1 | - SQL injection attempts are blocked, logged or input sanitized. - The system remains stable, with no crashes or frontend/backend errors. |
| 272 | FEA022 | Verify Robot Framework Setup and Execution | 0.1 | - Robot Framework executes the test file without errors. - Test results are generated (e.g., log.html, report.html). |
| 273 | FEA022 | Verify Custom Test Case Creation, Execution, and Reporting | 0.1 | - The custom test case runs successfully. - Results are reported in the test output (log.html, report.html). - Testers can review the results and logs for each test execution. |
| 274 | FEA022 | Verify Automated Product Page Load | 0.1 | - All product pages load successfully without errors. - Any failed page loads are reported in the test output. |
| 275 | FEA022 | Verify Error Messages and Screenshots on Failure | 0.1 | - Clear error messages and screenshots are available for failed tests in the log.html. |
| 276 | FEA022 | Verify CI/CD Integration | 0.1 | The Product pages test. - The test files run automatically on each build or deployment. - Results are visible in the CI/CD pipeline logs or reports. |
| 246 | FEA036 | The reset process works correctly across different devices (mobile, tablet, desktop) | 0.1 | - The user can successfully reset their password on all devices. - The user interface and functionality are consistent across devices. |
| 240 | FEA036 | Request password reset via registered email | 0.1 | - The system confirms that a password reset email has been sent to the provided address. - No information is leaked about whether the email is registered or not (for security). |
| 247 | FEA036 | Invalid or expired reset links show appropriate error messages | 0.1 | - The system displays a clear error message in each case. - No information is revealed to the user about whether the link was ever valid. |
| 289 | FEA006 | Verify Submit Support Request via Contact Us Page | 0.1 | - A confirmation message appears: "Your message has been successfully sent to our team." - The sender of the message receives a response from customer service in their email. |
| 277 | FEA023 | Verify Automated Tests Trigger on Each CI/CD Pipeline Run | 0.1 | - Tests execute automatically in the pipeline. - Tests run without manual intervention after push. - Tests are executed consistently across branches and merge requests. |
| 278 | FEA023 | Verify Generation of Detailed Test Reports After Pipeline Run | 0.1 | - A detailed, structured test report is generated (report.html, log.html). - It shows passed and failed test cases clearly. - Test report is stored as an artifact in the GitLab CI/CD pipeline and can be downloaded/viewed in the GitLab interface. - Failure stack traces and screenshots (if included) are present for debugging. |
| Planned | | | | |
| 238 | FEA005 | Automated Tests Triggered After Successful Build | | - After the build completes, automated tests are triggered automatically. - Test results are reported in the pipeline. - No manual triggering of tests is required. |
| 259 | FEA004 | Verify Automatic Regression and Other Tests | | - Regression and other defined tests are triggered automatically after the build. - Test results are reported in the pipeline system. - If any test fails, the deployment stage does not start (unless intended). |
| 260 | FEA004 | Verify notifications on Build or Test Failures | | - The team leader immediately receives a notification about the failed build or test. - The notification includes details about the failed stage and, if possible, a link to the pipeline logs. |
| 270 | FEA078 | Verify Webmin Secure Access via HTTPS with Proper Certificates | | - Webmin is accessible only via HTTPS. - Certificates are correctly applied and valid. - Unencrypted HTTP access is blocked or redirected. |