hotelbooking-tests's Issues
Application accepts checkout date less than checkin date
Description: It is possible for the user to select a checkout date less than the check in date when making a booking.
Steps to Reproduce:
- Open a browser and navigate to http://hotel-test.equalexperts.io/
- Enter the valid data for all fields except for checkout
- For checkout, choose a date which is less than the selected check in date, e.g. if checkin date is 2018-07-11, choose checkout date 2018-07-09
- Click the save button and wait for booking to appear in the list.
Observe that booking is successfully made with invalid checkout date, please see the attached screenshot.
Expected Results: Checkout date cannot be less than checkin date
Actual Results: Checkout date must be after or equal to checkin date.
Environment:
Application under Test version: xxxx
Chrome Browser: Version 66.0.3359.181 (Official Build) (64-bit)
Firefox Browser: version 60.0.1 (64-bit)
Host Machine: OSX High Sierra
Booking is successful even with special characters or spaces in First Name field
Description: It is possible to create a booking with invalid characters in First Name e.g. special characters or spaces only.
Steps to Reproduce:
- Launch the browser and navigate to http://hotel-test.equalexperts.io
- Enter First name "Bob!~^%" without quotes and valid input for the rest of the fields.
- Click the save button
- Repeat the Steps 1 to 3 with First Name containing only Spaces " "
Observe that Booking is successfully created with special characters
Expected Results: An error message is displayed indicating invalid characters are present in First Name field and booking should not be created
Actual Results: Booking is successfully created.
Environment:
Application under Test version: xxxx
Chrome Browser: Version 66.0.3359.181 (Official Build) (64-bit)
Firefox Browser: version 60.0.1 (64-bit)
Host Machine: OSX High Sierra
User can successfully make booking with negative price value
Description: It is possible to enter negative value for price field.
Steps to Reproduce:
- Launch browser and navigate to http://hotel-test.equalexperts.io
- Enter following data for input fields
First Name => fntest
Surname => lntest
Price => -1
Deposit => true
Checkin => select valid checkin date
Checkout => Select valid checkout date
- Click the Save button and wait for the booking entry to appear in the list
Observe that the booking is made successfully, showing the negative price. Please see the attached screenshot.
Expected Results: Negative price is not allowed to be accepted by the system.
Actual Results: It is possible to make booking by entering negative price value.
Environment:
Application under Test version: xxxx
Browser: Google Chrome Version 66.0.3359.181 (Official Build) (64-bit),
Host Machine: OSX High Sierra
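The three reports above (checkout before checkin, a first name made of special characters or spaces only, a negative price) are all missing server-side input validation. The following is an added example, not code from the hotelbooking-tests repository or from the application under test: one validator that rejects all three inputs. The field names (firstname, surname, price, depositpaid, checkin, checkout) and the exact rules are assumptions; the application's real form and rules are not on the page.

```javascript
// Added example, not code from the hotelbooking-tests repository or from the
// application under test: one server-side validator covering the three
// reports above (checkout before checkin, names of only spaces or special
// characters, negative price). Field names and rules are assumptions.

// A name must start with a letter and may then contain letters, spaces,
// apostrophes and hyphens. "Bob!~^%" and " " both fail this test.
const NAME_RE = /^\p{L}[\p{L}' -]*$/u;

// Parse a strict YYYY-MM-DD string into a UTC timestamp, or null if it is not
// a real calendar date. Date.UTC() silently rolls 2018-02-30 into March, so the
// fields are read back and compared to catch that.
function parseIsoDate(s) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(String(s ?? ''));
  if (!m) return null;
  const [y, mo, d] = m.slice(1).map(Number);
  const t = Date.UTC(y, mo - 1, d);
  const back = new Date(t);
  if (back.getUTCFullYear() !== y || back.getUTCMonth() !== mo - 1 || back.getUTCDate() !== d) {
    return null;
  }
  return t;
}

// Validate one booking; returns { ok, errors } so the caller can refuse the
// request and report every problem at once rather than only the first one.
function validateBooking(b) {
  const errors = [];

  for (const field of ['firstname', 'surname']) {
    if (!NAME_RE.test(String(b[field] ?? ''))) {
      errors.push(`${field} contains invalid characters`);
    }
  }

  // Accept a number or a numeric string; an empty string is not a price.
  const priceText = String(b.price ?? '').trim();
  const price = priceText === '' ? NaN : Number(priceText);
  if (!Number.isFinite(price)) {
    errors.push('price must be a number');
  } else if (price < 0) {
    errors.push('price must not be negative');
  }

  if (!['true', 'false'].includes(String(b.depositpaid))) {
    errors.push('depositpaid must be true or false');
  }

  const checkin = parseIsoDate(b.checkin);
  const checkout = parseIsoDate(b.checkout);
  if (checkin === null) errors.push('checkin is not a valid date');
  if (checkout === null) errors.push('checkout is not a valid date');
  // The report only asks that checkout is not earlier than checkin; change
  // "<" to "<=" to require at least a one-night stay.
  if (checkin !== null && checkout !== null && checkout < checkin) {
    errors.push('checkout must not be before checkin');
  }

  return { ok: errors.length === 0, errors };
}

// Constructed sample input mirroring the fields of the "negative price" report.
const sampleBooking = {
  firstname: 'fntest', surname: 'lntest', price: '-1', depositpaid: 'true',
  checkin: '2018-07-11', checkout: '2018-07-13',
};
```

Run the validator on the request body before anything is written to the store; client-side checks in the form are a convenience for the user, not a control, because the same POST can be sent without the browser.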
Security Vulnerability - Missing security headers
Description: Common security headers e.g. x-xss-protection, content-security-policy, x-frame-options are missing
Steps to Reproduce:
- Launch Chrome browser and install the Recx Security Analyser extension for Chrome browser
- Navigate to hotel-test.equalexperts.io
- Click on the analyser; a popup sheet will appear
Observe that it reports all security headers are missing. Please see screenshot
Expected Results: Security headers should be implemented as first line of defence against various security attacks.
Actual Results: None of the security headers is implemented.
Recommendations: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers
Environment:
Application under Test version: xxxx
Recx Security Analyser v1.3.0.4
Chrome Browser: Version 66.0.3359.181 (Official Build) (64-bit)
Host Machine: OSX High Sierra
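What the browser extension in the report does can be reproduced in a few lines and then turned into a test that fails until the headers are present. The following is an added example, not code from the hotelbooking-tests repository or from the application under test: given a response's headers, it lists which of the headers recommended by the OWASP Secure Headers Project are absent, and applies a baseline set to a Node `http.ServerResponse`. The header values are illustrative assumptions, not the application's configuration; a real content-security-policy has to be tuned to the scripts and styles the page actually loads.

```javascript
// Added example, not code from the hotelbooking-tests repository or from the
// application under test. Header values are illustrative assumptions.

const RECOMMENDED = {
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
  'x-frame-options': 'DENY',
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'no-referrer',
  // Listed in the report; browsers have since removed the XSS auditor, so the
  // CSP above does the real work and this header is set to the safe value 0.
  'x-xss-protection': '0',
};

// Header names are case-insensitive, so compare on lower-cased keys
// (Node's IncomingMessage.headers is already lower-cased; fetch/curl output may not be).
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name.toLowerCase()] = value;
  }
  return out;
}

// Names of recommended headers that the response does not carry, in the
// order of RECOMMENDED. An empty array means nothing is missing.
function missingSecurityHeaders(headers) {
  const present = normaliseHeaders(headers);
  return Object.keys(RECOMMENDED).filter(name => !(name in present));
}

// Set every recommended header on an object with a setHeader(name, value)
// method, e.g. a Node http.ServerResponse, before the body is written.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(RECOMMENDED)) {
    res.setHeader(name, value);
  }
  return res;
}

// Constructed headers of the kind the report observed: content headers only,
// none of the security headers.
const observedHeaders = {
  'Content-Type': 'text/html; charset=utf-8',
  'Content-Length': '1234',
};
```

`missingSecurityHeaders` fits naturally into an automated test against a deployed environment: fetch the front page, pass `response.headers` in, and fail the build if the returned array is not empty, so the regression the report describes is caught without anyone opening a browser extension.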
Security Vulnerability - Application is not safe against Cross Site Scripting attack
Description: It is possible to successfully launch xss attack against the application under test.
Steps to Reproduce:
- Open Firefox browser and go to http://hotel-test.equalexperts.io/
- Enter <script>alert(1)</script> in First Name field
- Fill the remaining fields as per normal
- Click save button
Observe that when the web application tries to load the last created booking, the browser pops an alert box with '1', proving a successful xss attack. Please see the screenshot
Expected Results: Site should be safe against xss attack in particular and against top 10 OWASP security vulnerabilities in general
Actual Results: XSS attack is successful
Repeat the same steps for Surname, xss is successful for both First Name and Surname fields.
Recommendations: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Environment:
Application under Test version: xxxx
Chrome Browser: Version 66.0.3359.181 (Official Build) (64-bit)
Firefox Browser: version 60.0.1 (64-bit)
Host Machine: OSX High Sierra
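The alert fires because the stored first name is written into the booking list as markup rather than as text. The following is an added example, not code from the hotelbooking-tests repository or from the application under test: it rebuilds that defect in miniature with a row rendered by string concatenation, and puts the fixed version beside it, which encodes the HTML metacharacters before interpolating. The row layout is an assumption about the page; the payload is the one from the report.

```javascript
// Added example, not code from the hotelbooking-tests repository or from the
// application under test. Row layout is an assumption; payload is the report's.

// Encode the characters that can start or end markup or break out of a quoted
// attribute value. Correct for element content and quoted attribute values;
// URL, JavaScript and CSS contexts need their own encoders.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}

// Vulnerable form: user-controlled fields go into the HTML unchanged, so a
// first name of <script>alert(1)</script> becomes a live script element.
function renderRowUnsafe(b) {
  return `<tr><td>${b.firstname}</td><td>${b.surname}</td><td>${b.price}</td></tr>`;
}

// Fixed form: every interpolated value is encoded for the HTML text context.
function renderRowSafe(b) {
  return `<tr><td>${escapeHtml(b.firstname)}</td>` +
         `<td>${escapeHtml(b.surname)}</td>` +
         `<td>${escapeHtml(b.price)}</td></tr>`;
}

// Does a rendered fragment still contain a script start tag? Used as a
// regression check over the rendered list.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed booking using the payload from the report.
const xssBooking = { firstname: '<script>alert(1)</script>', surname: 'lntest', price: 100 };
```

When the list is built in the browser with DOM APIs instead of strings, the equivalent fix is to assign the field to `textContent` rather than `innerHTML`. Output encoding is the fix; the input validation from the name-field reports narrows the problem but does not replace it, and a content-security-policy header (see the missing headers report) is a second layer that limits what an injected script can do.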
Security Vulnerability - Missing CAPTCHA Implementation
Description: CAPTCHA is not implemented, leading to flooding attacks
Steps to Reproduce:
- Launch Chrome browser and navigate to hotel-test.equalexperts.io
- Add a new booking
Observe that there is no CAPTCHA implementation and it is possible for robots and machines to launch flooding attack against the application.
Expected Results: Application should have CAPTCHA implementation
Actual Results: No CAPTCHA implementation is present
Recommendations: https://www.owasp.org/index.php/Testing_for_Captcha_(OWASP-AT-008)
Environment:
Application under Test version: xxxx
Recx Security Analyser v1.3.0.4
Chrome Browser: Version 66.0.3359.181 (Official Build) (64-bit)
Host Machine: OSX High Sierra