ChatGPT — RIP Testers

Devil’s Advocate
4 min readJan 27, 2023

--

I have been increasingly asked by my team to tell them how ChatGPT will revolutionize (!?) the software development domain.

I already posted a blog on how ChatGPT generated a quick Python-based OTP Code generator and validator.

I thought I will look at the next area of software engineering (i.e.) testing.

Here is a sample of what ChatGPT could do in a matter of seconds.

Me: Can you list some of the functional and security test cases for a simple login page with a user name, password submission along with forgot password functionality?

Sure, here are some functional and security test cases for a simple login page with a user name, password submission along with forgot password functionality:

Functional Test Cases:

Verify that the login page can be accessed and displayed correctly.

Verify that the user can enter their username and password and submit the form successfully.

Verify that the user can reset their password using the forgot password functionality.

Verify that the user is redirected to the appropriate page after successful login.

Verify that the user is presented with an error message when an incorrect username or password is entered.

Verify that the user is locked out of their account after a certain number of failed login attempts.

Verify that the login page is accessible only to users who have an account.

Verify that the user’s session is terminated after a certain period of inactivity.

Verify that the user’s session is terminated after logging out.

Security Test Cases:

Verify that the login page is protected against SQL injection attacks.

Verify that the login page is protected against cross-site scripting (XSS) attacks.

Verify that the login page is protected against cross-site request forgery (CSRF) attacks.

Verify that the login page is protected against session hijacking.

Verify that the password is hashed before being stored in the database.

Verify that the password is salted before being hashed.

Verify that the login page is protected against brute force attacks.

Verify that the login page is protected against phishing attacks.

Verify that the login page is protected against man-in-the-middle (MitM) attacks.

Verify that the login page is protected against replay attacks.

Based on this response, I upped the game a little bit and asked one more question on testing.

Me: Nice! How does it change if there is one more text field on the screen that will allow a user to sign-up if they have not already?

If there is an additional text field on the login page that allows users to sign up for an account, the functional and security test cases would change as follows:

Functional Test Cases:

Verify that the sign-up field is displayed correctly on the login page.

Verify that the user can enter the required information to create a new account.

Verify that the user is redirected to the appropriate page after successful sign-up.

Verify that the user is presented with an error message when invalid information is entered during sign-up.

Verify that the user’s account is created and stored in the database after successful sign-up.

Verify that the user is able to login to their account using their newly created credentials.

Security Test Cases:

Verify that the sign-up page is protected against SQL injection attacks.

Verify that the sign-up page is protected against cross-site scripting (XSS) attacks.

Verify that the sign-up page is protected against cross-site request forgery (CSRF) attacks.

Verify that the sign-up page is protected against session hijacking.

Verify that the password is hashed before being stored in the database during sign-up.

Verify that the password is salted before being hashed during sign-up.

Verify that the sign-up page is protected against brute force attacks.

Verify that the sign-up page is protected against phishing attacks.

Verify that the sign-up page is protected against man-in-the-middle (MitM) attacks.

Verify that the sign-up page is protected against replay attacks.

It’s important to note that these test cases are in addition to the test cases mentioned earlier and should be included as a part of the overall testing of the login page.

Based on a couple of simple interactions itself, it is clear to me that testing as we know it today will vanish in another 3–4 years because AI can replace most of the testers. And this AI will only keep improving.

It is time for all testers to upskill and reskill themselves.

{Edit: Many people had questions regarding the post. I have made part-2 of this post as well. Please check that too.

https://medium.com/@bigfundu/chatgpt-rip-testers-part-2-d87e4aacba9d}

--

--

Devil’s Advocate

Seeker for life. Looking to make technology simpler for everyone.