Difference Between Global, Environment, and Collection Variables in Postman

Global Variables:

• Stored globally across all requests and collections.
• It can be accessed from any request or collection.
• Use cases: API keys, common headers, or base URLs

Environment Variables:

• Stored within a specific environment (e.g., dev, staging, prod).
• It can be accessed only from requests within the same environment.
• Use cases: Environment-specific settings, such as URLs, credentials, or timeouts.

Collection Variables:

• Stored within a specific collection.
• It can be accessed only from requests within the same collection.
• Use cases: Collection-specific settings, such as API endpoints, headers, or query parameters.

Selenium XPath in detail

What is XPATH?

• It is an XML path.
• It is one of the locator types in selenium.
• It uses path expression to navigate in XML documents and to identify a node or number of nodes.
• XPath is used to handle complex and dynamic paths.

 
Types of XPATH in Selenium:
  1. Absolute XPath
  2. Relative XPath
 

What is Absolute XPath?

• Absolute path starts from <HTML> tag.
• It uses / ( forward slash ).
• It is used to identify any element direct way by consider all the tag starts from <HTML> tag.
• It is much more faster than "Relative xpath" as it holds the direct path to the target node/tag/element from start <Html> tag.
• But we will mostly use this one if it holds a long string path and is difficult to maintain or handle. It is not a shortend path.

 
What is Relative XPath?

• It uses //  ("forward double slash") .
• It will consider any node/element/tag as a refernce point from where either we can traverse forard or reverse direction to identify target node/tag.
• It is mostly used as we are considering any node as a reference node (stable node) from a DOM.

Java code to automate the extraction of two numbers from a web page

 package system;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.chrome.ChromeDriver;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import io.github.bonigarcia.wdm.WebDriverManager;

public class Practice {

   WebDriver driver;

@BeforeMethod
public void setUp() {
  WebDriverManager.chromedriver().setup();
  driver = new ChromeDriver();
}

@Test(description = "extraction of two numbers from a web page")
public void test() throws InterruptedException {

driver.get("https://ultimateqa.com/complicated-page");

// Locate the element containing the CAPTCHA question
WebElement captchaElement = driver.findElement(By.className("et_pb_contact_captcha_question"));

// Extract the CAPTCHA question text
String captchaText = captchaElement.getText().trim(); // Example: "5 + 6"

// Split the text to get the operands
String[] parts = captchaText.split("\\+");
int firstNumber = Integer.parseInt(parts[0].trim());
int secondNumber = Integer.parseInt(parts[1].trim());

// Calculate the sum
int sum = firstNumber + secondNumber;

// Print the sum (for debugging purposes)
System.out.println("Extracted Numbers: " + firstNumber + " + " + secondNumber + " = " + sum);

// Enter the sum into the CAPTCHA input field
WebElement captchaInputField = driver.findElement(By.className("et_pb_contact_captcha"));
captchaInputField.sendKeys(String.valueOf(sum));
}
}

Real-Time Software Testing Interview Questions - Part 2

1. Retesting - Testing only the affected area.

2. Regression Testing - Testing the affected as well as the unaffected area.

3. When will you stop the Testing?

• When every bug is fixed.
• When all the test cases are executed and they are passed.
• Minor bugs are deferred.

   

4. When will you start Testing?

• Once the developer completes unit testing.
• Once everything is ready (test environment, test cases, test data).

   

5. Alpha testing - Selective customers will test the new version/software in the development organization's environment.

6. Beta testing - Customers will use this newly developed software in their own environment.

7. Smoke testing - Focusing on Major functionalities in the software through positive test cases.

8. Sanity testing - Focusing on Major functionalities in the software through positive and negative test cases.

9. Quality Assurance - Process-oriented and Verification.

10. Quality Control - Product-oriented and Validation.

11. Waterfall Model :

• When we have the software already and we want to implement new small features which are very clear- in these cases, we can go with the waterfall model.
• Disadvantage: Once we moved to the next phase, we never come back to the previous phase.

    

12. Model - Implementation of SDLC.

Selenium Interview Questions and Answers - PART 2

1. WebDriver is interface or class?

• WebDriver is an interface in Selenium.

2. If we do not add a driver exe file what will happen and what kind of exception will be generated?

• If the driver executable is not added, Selenium won't be able to communicate with the browser, and a WebDriverException will be thrown.

3. What is the difference between close and quit?

• close(): Closes the current browser window.
• quit(): Closes all the browser windows and ends the WebDriver session.

4. Difference between get and navigate().to() ?

• get(): Loads a new web page in the current browser window.
• navigate().to(): This does the same as get() but allows for additional navigation options like back, forward, and refresh.

5. Difference between findElement and findElements?

• findElement: Returns a single WebElement or throws  NoSuchElementException if not found.
• findElements: Returns a list of WebElements. If no elements are found, it returns an empty list.

6. How do you get all the links on the current page? Which locator will you use other than XPath?

• You can use the CSS selector a to find all links.

List<WebElement> links = driver.findElements(By.cssSelector("a"));

7. Methods of WebDriver?

• Some common methods are: get() , getCurrentUrl() , getTitle(), findElement() , findElements() , getPageSource() , close() , quit(), navigate() , manage() .

8. What is the use of the getCurrentPageSource method?

• It returns the source code of the current page.

9. When do we go for the findElements method and what is the return type?

• Use findElements when you expect multiple elements. It returns a list of WebElements.

10. Why do we get WebDriverException?

• This exception is thrown when WebDriver is unable to interact with the browser. Possible reasons include incorrect WebDriver setup, browser crashes, or network issues.

11. Absolute and Relative XPath?

• Absolute XPath: Starts from the root and follows a complete path (e.g., /html/body/div ).
• Relative XPath: Starts from the middle of the HTML DOM structure (e.g., //div[@id='example'] ).

Interesting aspects of API testing

1. Security Testing: Identifying vulnerabilities and ensuring secure data transmission.
2. Performance Testing: Measuring API response times, throughput, and scalability.
3. Functional Testing: Verifying API endpoints, request/response formats, and business logic.
4. Usability Testing: Ensuring API documentation, error handling, and user experience are intuitive.
5. Penetration Testing: Simulating attacks to identify vulnerabilities and weaknesses.
6. Fuzz Testing: Sending invalid or malformed requests to test API robustness.
7. Load Testing: Simulating high traffic to ensure API performance under stress.
8. API Gateway Testing: Testing API gateways, like AWS API Gateway or Azure API Management.
9. Microservices Testing: Testing APIs in microservices architecture, ensuring seamless communication.
10. CI/CD Integration: Automating API testing in continuous integration and continuous deployment pipelines.

Reducing API Latency and Improving Response Times

1. Caching: Implement caching mechanisms, like Redis or Memcached, to store frequently accessed data.
2. Content Delivery Networks (CDNs): Use CDNs to distribute content across multiple servers, reducing the distance between users and data.
3. Optimize database queries: Use efficient database queries, indexing, and connection pooling to reduce database latency.
4. Code optimization: Optimize code, use efficient algorithms, and minimize computational complexity.
5. Parallel processing: Use parallel processing techniques, like multi-threading or async processing, to handle requests concurrently.
6. HTTP/2 and HTTP/3: Upgrade to newer HTTP protocols, which provide improved performance and multiplexing capabilities.
7. Serverless architecture: Consider serverless architectures, like AWS Lambda, to reduce server overhead and latency.
8. Load balancing: Use load balancers to distribute incoming traffic across multiple servers, reducing the load on individual servers.
9. Monitoring and analytics: Use tools like New Relic, Datadog, or Prometheus to monitor performance and identify bottlenecks.
10. Continuous optimization: Regularly review and optimize API performance, as changes in usage patterns or data can impact response times.

A Comprehensive Comparison of HTTP Cookies, Sessions, and Tokens for Web Authentication and Authorization

HTTP cookies:

• HTTP cookies are small pieces of data that are sent by the server to the client, and stored by the browser.
• They can be used to store user preferences, track user behavior, or maintain user sessions.
• For authentication and authorization, cookies can store a unique identifier that links the user to a server-side record of their credentials and roles.
• The browser sends the cookie back to the server with every request, so the server can verify the user's identity and permissions.
• However, cookies have some drawbacks, such as being vulnerable to theft, forgery, or cross-site scripting attacks, and being limited by size and number.

HTTP sessions:

• HTTP sessions are a way of maintaining stateful communication between the client and the server, despite HTTP being a stateless protocol.
• Sessions use cookies or other methods to store a session ID on the client side and associate it with a server-side data structure that contains the user's information and state.
• Sessions can store more data than cookies and can be more secure if the session ID is encrypted or regenerated frequently.

HTTP tokens:

• HTTP tokens are another way of implementing stateless authentication and authorization, without relying on cookies or sessions.
• Tokens are self-contained pieces of data that encode the user's identity, permissions, and other claims, and are signed by the server using a secret key or a public-private key pair.
• Tokens are sent by the server to the client, and stored by the browser in local storage or memory.
• The client sends the token back to the server with every request, and the server validates the token's signature and payload.
• Tokens can be more flexible, portable, and scalable than cookies or sessions, and can support cross-domain and cross-origin requests.

Cookie-based vs Token-based authentication:

• Cookie-based and token-based authentication are two common approaches to implementing web authentication and authorization, and each one has its own pros and cons.
• Cookie-based authentication relies on the server to manage the user's session and state and uses cookies to store and transmit the session ID.
• Token-based authentication relies on the client to store and transmit the user's information and claims and uses tokens to encode and sign them.
• Cookie-based authentication can be simpler to implement, more compatible with browsers, and easier to revoke.
• Token-based authentication can be more efficient, secure, and flexible, and support more scenarios and platforms.

How to choose the best method

• When deciding which method is the best for web authentication and authorization, there is no definite answer as it depends on various factors such as the type, size, and complexity of the web application, the security and performance requirements, user experience and expectations, and available technologies and standards. Generally speaking, cookies should be used if stateful communication between the client and server is needed or if existing browser features and frameworks that support cookies are to be leveraged. Tokens should be used if stateless communication between the client and server is necessary or if cross-domain and cross-origin requests need to be enabled. A combination of cookies and tokens can be used to achieve a balance between statefulness and statelessness or to enhance the security and functionality of your web application.
• Stateless Protocol does not require the server to retain the server information or session details. Stateful Protocol requires the server to save the status and session information.

HTTP Headers

HTTP Request and Response objects consist of a body and header. While the body in the Response holds the data message (HTML, JSON) or form fields in the Request, the headers let the client and the server pass essential information about each other.

Headers can be grouped into four categories by their context:

• General headers contain information that is relevant for both request and Response, but no information about the data in a body.
• Request headers hold information about the client and requested resources.
• Response headers include server details, like time, location, and configuration.
• Entity header informs the browser about the type and body of the resource.

Let’s inspect more in detail. Go to the webpage https://madurai.nic.in/, open the console > Network tab, and select the document to inspect headers. You will likely see the headers divided into General, Request, and Response.

General group consist of the following information:

• Request URL: https://madurai.nic.in/wp-admin/admin-ajax.php
• Request Method: POST
• Status Code: 200 OK
• Remote Address: 164.100.225.214:443 (The IP address of the server)

Request Headers include the following properties:

• Accept: / (Accept any content type)
• Accept-Encoding: gzip, deflate, br, zstd (An algorithm, such as compression that is used on the recourse sent back.)
• Accept-Language: en-US, en (Hints the server about the expected language)
• Connection: keep-alive (Controls how long connection should stay open)
• User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 (Lets server to identify the characteristics of the application, OS, vendor, and versions)

Response Headers include:

• Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 (Set the instruction for caching. Other setting types: no-cache, no-store, no-transform)
• Content-Encoding: Specifies the compression algorithm used for the response body
• Content-Length: 17 (The size of the recourse in bytes)
• Content-Type: application/json; charset=UTF-8 (The resource type received. The current type is a JSON document.)
• Date: Tue, 09 Jul 2024 06:57:27 GMT (The time when the message was created)
• Expires: Wed, 11 Jan 1984 05:00:00 GMT (Sets the date when the relevant content will no longer be new/fresh)
• Server: Specifies the software used by the server at the time of the sent Response

Low Severity and High Priority Bugs in E-commerce Web Application

1. Typo on the Checkout Confirmation Page

Description: A misspelled word on the checkout confirmation page.

Severity: Low

Priority: High

2. Logo Displaying Incorrectly on Homepage

Description: The company logo appears stretched or pixelated.

Severity: Low

Priority: High

3. Incorrect Customer Support Email Address on the Contact Us Page

Description: The email address provided for customer support is incorrect.

Severity: Low

Priority: High

4. Broken Social Media Links in Footer

Description: Links to social media pages in the footer are broken.

Severity: Low

Priority: High

5. Non-functional Promo Code Input Box

Description: The input box for promo codes in the checkout process does not work.

Severity: Low

Priority: High

High Severity Low Priority Bugs in E-Commerce Web Application

1. Payment Gateway Failure in Specific Currency
High Severity: Users cannot complete purchases using a particular currency.
Low Priority: This currency is rarely used by the customer base.
Technical: When users select a rarely used currency, the payment gateway integration fails due to incorrect API calls or missing currency configuration.
Simple: Users can't pay in a specific, rarely-used currency.

2. Crash When Filtering Products by a Rare Attribute

High Severity: The website crashes, disrupting user experience.

Low Priority: The attribute filter is rarely used by customers.

Technical: Filtering by an uncommon attribute triggers a crash, possibly due to a null reference or unhandled exception.

Simple: The site crashes when filtering by a rarely used feature.

3. Incorrect Discount Calculation for Bulk Orders

High Severity: Users are charged incorrect amounts.

Low Priority: Bulk orders are rare.

Technical: The discount logic has a bug when calculating bulk order discounts, leading to incorrect pricing.

Simple: Bulk orders get the wrong discounts.

4. Failure to Load Product Images on Secondary Pages

High Severity: Product images do not load, affecting user experience.

Low Priority: Occurs on less frequently visited pages.

Technical: Image URLs or CDN issues prevent images from loading on less-visited pages.

Simple: Product images don't show up on certain pages.

5. Inability to Apply Multiple Coupons on Checkout

High Severity: Users cannot avail of multiple discounts.

Low Priority: Only a few users use multiple coupons.

Technical: The checkout process doesn't handle multiple coupon codes due to a bug in the discount application logic.

Simple: Users can't use more than one coupon at a time.

6. Error in Wishlist Functionality for Out-of-Stock Items

High Severity: Users cannot add out-of-stock items to their wishlist.

Low Priority: Out-of-stock items are a small portion of the catalogue.

Technical: The wishlist feature crashes or misbehaves when adding out-of-stock items due to lack of proper handling.

Simple: Can't add out-of-stock items to a wishlist.

7. Mismatch in Product Specifications on Detailed View

High Severity: Detailed view shows incorrect specifications.

Low Priority: Rarely visited detailed specifications page.

Technical: The product detail page shows incorrect specs due to outdated or incorrect data fetching logic.

Simple: Wrong details are shown on the product page.

8. Search Function Fails for Long Strings

High Severity: Users can't search with long keywords.

Low Priority: Most users use short search queries.

Technical: Long search queries cause database or server errors, possibly due to input length limits or inefficient query handling.

Simple: Searching with long phrases doesn't work.

9. Incorrect Display of User Loyalty Points

High Severity: Users see the wrong loyalty points balance.

Low Priority: The loyalty points program has low participation.

Technical: The loyalty points calculation or display logic has errors, showing incorrect balances.

Simple: Users see the wrong loyalty points balance.

10. Failure to Load Reviews for Products with No Reviews

High Severity: Page crashes if a product has no reviews.

Low Priority: Most products have at least one review.

Technical: The review section crashes when there are no reviews, likely due to poor handling of empty datasets.

Simple: Page crashes if there are no reviews.

Common API Test Cases

 

Bug Leakage in E-commerce Web Applications

1. Payment Gateway Issues:

• A bug where the payment gateway fails to process transactions intermittently, causing users to be unable to complete purchases.

  
2. Product Display Errors:

• Incorrect product images or descriptions are shown, leading to user confusion or incorrect orders.

  
3. Cart Issues:

• Items added to the cart disappear or change quantity without user input.

  
4. Order Confirmation Emails:

• Users not receiving order confirmation emails or receiving them with incorrect details.

  
5. Search Functionality:

• Search results not displaying relevant products, or the search feature not working at all.

  
6. Discount Codes:

• Discount codes not applying correctly or giving incorrect discounts.

  
7. User Account Problems:

• Users are unable to log in, register, or reset passwords.

  
8. Slow Loading Pages:

• Certain pages take too long to load, leading to a poor user experience.

  
9. Checkout Process Failures:

• The checkout process freezes or fails, preventing users from completing their purchases.

  
10. Inventory Mismatches:

• Showing products as in stock when they are out of stock, leading to order cancellations.

API Status Codes with Real Time Examples

HTTP 500 Series Status Codes:

• HTTP status codes in the 500 series are server error responses.

1. 500 Internal Server Error

• It occurs when a server meets with an unexpected condition. It indicates that the server encountered an unexpected condition that prevented it from fulfilling the request. The exact cause of the error is not specified in the response, making it a generic error message.

Example:

• Imagine you are using an online banking application. You have logged in successfully and want to transfer money to a friend. You fill out the form with the necessary details and hit the 'Transfer' button. Instead of processing the transaction, the application shows a '500 Internal Server Error message.

Cause:

• This could be due to several reasons, such as a bug in the application code, an issue with the server configuration, or a problem with the database connection. For instance, if the code that processes the transaction has a programming error or the database server is down, the web server might not be able to complete your request, resulting in this error.

2. 501 Not Implemented

• It indicates that a server doesn’t recognize the requested method or is unable to process that type of request.

Example:

• Suppose you are using a RESTful API to manage your online store inventory. You send a request using a new HTTP method called 'PATCH' to update part of the inventory data.

Cause:

• If the server you are communicating with has not been programmed to handle the PATCH method, it will return a 501 Not Implemented error. The server might only support GET, POST, PUT, and DELETE methods, and hence does not understand or implement the PATCH method.

  
3. 502 Bad Gateway

• It happens when a server receives an invalid response from the upstream server.

Example:

• You are trying to access a news website. The website's server needs to fetch the latest news articles from another server (an upstream server).

Cause:

• If the upstream server is down or returns a corrupted response, the main server cannot retrieve the necessary data and responds with a 502 Bad Gateway error. This typically happens in complex server architectures where one server relies on another to get the required information.

  
4. 503 Service Unavailable

• It indicates that the server is temporarily down for maintenance or overloaded.

Example:

• A popular e-commerce website announces a flash sale. As the sale goes live, thousands of users try to access the website simultaneously.

Cause:

• The sudden surge in traffic overwhelms the server, which cannot handle the volume of requests, leading to a 503 Service Unavailable error. Alternatively, if the website administrators are performing maintenance, they might take the server offline temporarily, resulting in this error.

  
5. 504 Gateway Timeout

• It occurs when a server doesn’t receive a response on time from the upstream server.

Example:

• You are using an online travel booking site to book a flight. The site needs to check availability with the airline's server.

Cause:

• If the airline's server takes too long to respond, the booking site's server might time out while waiting for the response, resulting in a 504 Gateway Timeout error. This usually occurs in distributed systems where one service depends on another for data.

 
6. 505 HTTP Version Not Supported

• It indicates that the server doesn’t support the HTTP protocol version used in the request.

Example:

• You are using an old web browser to access a modern web application.

Cause:

• If your browser sends a request using HTTP/1.0, but the server only supports HTTP/1.1 or HTTP/2, it will respond with a 505 HTTP Version Not Supported error.

  

HTTP 400 Series Status Codes:

• HTTP status codes in the 400 series are client error responses. These indicate that the request made by the client (e.g., a web browser) was incorrect or cannot be processed by the server. 

1. 400 Bad Request

• The server cannot understand the request due to malformed syntax.

Example:

• You try to search for a product on an e-commerce website, but you accidentally enter invalid characters in the search box. The server doesn't understand your request and returns a 400 Bad Request error.

  
2. 401 Unauthorized

• The request requires user authentication. The client must authenticate itself to get the requested response.

Example:

• You try to access your email account without logging in. The server responds with a 401 Unauthorized error, asking you to log in first.

  
3. 403 Forbidden

• It is sent when a user doesn’t have permission to access the requested page.

Example:

• You try to access a restricted page on a company's internal website without the necessary permissions. Even if you are logged in, you get a 403 Forbidden error because you don't have the right access level.

  
4. 404 Not Found

• The server cannot find the requested resource. This is the most common error.

Example:

• You click on a broken link or type in a URL that doesn't exist on a website. The server returns a 404 Not Found error because the page you're looking for cannot be found.

  
5. 405 Method Not Allowed

• The request method is known by the server but is not supported by the target resource.

Example:

• You try to submit data using a GET request instead of a POST request on a form submission page. The server responds with a 405 Method Not Allowed error.

  
6. 408 Request Timeout

• The server did not receive a complete request message within the time that it was prepared to wait.

Example:

• Your internet connection is slow, and it takes too long to send a request to a website. The server times out and returns a 408 Request Timeout error.

  
7. 429 Too Many Requests

• The user has sent too many requests in a given amount of time ("rate limiting").

Example:

• You try to log in to your account multiple times in quick succession, and the server temporarily blocks further requests, returning a 429 Too Many Requests error.