Manual Web Testing Interview Questions (40+ Scenario-Based Questions with Answers)

1. What Is Web Application Testing?

Web Application Testing is the process of validating a web-based application to ensure it:

  • Works as expected (functional correctness)
  • Is secure against vulnerabilities
  • Performs well under load
  • Works across browsers and devices
  • Is usable and accessible to all users

A typical web application includes:

  • Frontend: HTML, CSS, JavaScript
  • Backend: Application logic and APIs
  • Database
  • Browser & network layer

👉 Manual web testing focuses on validating behavior, usability, risks, and real user scenarios—without relying on automation scripts.


2. Functional Testing Scenarios for Web Applications (Manual Focus)

Functional testing checks what the application does from a user perspective.

Login & Authentication Scenarios

  • Valid username and password
  • Invalid username/password error message
  • Password masking
  • Remember-me checkbox
  • Account lock after multiple failed attempts
  • Login using keyboard only (accessibility)

Session Management Scenarios

  • Session timeout after inactivity
  • Logout invalidates session
  • Browser back button after logout
  • New session ID after re-login
  • Multiple logins in different browsers

Cookies & Storage Scenarios

  • Cookies created after login
  • Cookie expiration validation
  • Secure and HttpOnly flags
  • Cookies cleared on logout
  • Sensitive data not stored in LocalStorage

Form Validation Scenarios

  • Mandatory field validation
  • Input length limits
  • Special characters handling
  • Server-side validation when JavaScript is disabled

Navigation & URL Handling

  • Broken links
  • Page refresh during form submission
  • Browser back/forward navigation
  • Direct URL access without authentication

3. UI, UX, Responsive & Accessibility Test Cases

UI Testing

  • Alignment of text, buttons, images
  • Font size and consistency
  • Color contrast and readability
  • Error message visibility and placement

UX Testing

  • Clear and meaningful error messages
  • Logical navigation flow
  • Minimum steps for critical actions (login, submit)
  • Consistent behavior across pages

Responsive Testing

  • Desktop, tablet, and mobile views
  • Orientation change (portrait/landscape)
  • Touch vs mouse interaction
  • Media query behavior

Accessibility (A11y)

  • Keyboard navigation (Tab, Enter, Esc)
  • Screen reader compatibility
  • ARIA labels for inputs
  • WCAG color contrast compliance

4. Manual Web Testing Interview Questions & Structured Answers

Q1. What is manual web testing?

Answer:
Manual web testing is the process of testing web applications without automation tools, focusing on:

  • User behavior
  • Business logic
  • Usability
  • Edge cases
  • Risk areas

It relies on human observation and reasoning, not scripts.


Q2. How is manual web testing different from automation testing?

Answer:

  • Manual testing focuses on exploration, usability, and real user behavior
  • Automation focuses on repeatability and speed

Manual testing is essential for:

  • New features
  • UI/UX validation
  • Ad-hoc and exploratory testing

Q3. How do you test login functionality manually?

Answer:

  • Valid and invalid credentials
  • SQL injection attempts in username/password
  • Password masking
  • Session creation
  • Logout behavior

Login is a high-risk entry point, so both functional and security checks are required.


Q4. How do you test session timeout manually?

Answer:

  • Login and remain idle
  • Verify auto logout after configured time
  • Perform action after timeout
  • Validate session invalidation

Incorrect session handling can lead to security issues.


Q5. How do you test cookies in manual testing?

Answer:

  • Verify cookie creation
  • Validate expiration time
  • Check Secure and HttpOnly flags
  • Delete cookies and check behavior on refresh

Cookies directly impact session security and user experience.


Q6. How do you test caching behavior manually?

Answer:

  • Check cache-control headers
  • Perform hard refresh vs soft refresh
  • Validate stale data scenarios

Caching issues often cause data mismatch bugs.


5. Security & Penetration-Based Interview Questions (Manual Perspective)

Q7. What is Cross-Site Scripting (XSS)?

Answer:
XSS allows attackers to inject malicious JavaScript into web pages.

Example:

<script>alert('XSS')</script>

Manual testing includes:

  • Input fields
  • Search boxes
  • URL parameters
  • Stored vs reflected XSS

Q8. What is SQL Injection?

Answer:
SQL Injection manipulates backend queries using malicious input.

Example:

' OR 1=1 --

Manual testers verify:

  • Input validation
  • Error message exposure
  • Unexpected login behavior

SQL Injection is a critical severity defect.
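Why the input in this answer produces "unexpected login behavior" and "error message exposure", and what the fix looks like, shown against an in-memory SQLite database. This is an added example, not code from the original article; the table, the user and the function names are hypothetical, and the plaintext password column is a simplification for the demo.

```python
import sqlite3


def make_db():
    """Constructed test database with one user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_vulnerable(db, username, password):
    # Defect: user input is concatenated into the SQL text, so a quote in
    # the input changes the structure of the query.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password):
    # Fix: placeholders keep the input as data; it is never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def observe(login, username, password="x"):
    """Classify what a tester would see for one login attempt."""
    db = make_db()
    try:
        return "logged in" if login(db, username, password) else "rejected"
    except sqlite3.Error as exc:
        # A raw database error reaching the user is itself a finding.
        return "sql error: " + type(exc).__name__


if __name__ == "__main__":
    for name in ["alice", "'", "' OR 1=1 --"]:
        print(repr(name), "| vulnerable:", observe(login_vulnerable, name),
              "| safe:", observe(login_safe, name))
```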


Q9. What is CSRF?

Answer:
Cross-Site Request Forgery forces authenticated users to perform actions unknowingly.

Manual testing checks:

  • CSRF token presence
  • Token validation per request
  • SameSite cookie attributes

Q10. What is authentication abuse?

Answer:
Authentication abuse includes:

  • Brute-force login attempts
  • Password reuse
  • Role escalation
  • Session fixation

Manual testers identify these through behavioral testing.


6. API & Web Services Validation (Manual Tester Level)

Even manual testers are expected to understand basic API validation.

Q11. Why should a manual tester test APIs?

Answer:
Because:

  • UI depends on APIs
  • API bugs may not appear in UI
  • Faster defect isolation

Manual API testing improves defect detection quality.


Q12. How do you test APIs using Postman as a manual tester?

Answer:

  • Send requests manually
  • Validate response status codes
  • Check JSON/XML responses
  • Test negative scenarios

Postman helps manual testers validate backend logic.


Q13. What HTTP status codes should a manual tester know?

Answer:

  • 200 – Success
  • 201 – Created
  • 400 – Bad Request
  • 401 – Unauthorized
  • 403 – Forbidden
  • 404 – Not Found
  • 500 – Server Error

Incorrect status codes indicate design issues.


Q14. Difference between JSON and XML?

Answer:

  • JSON is lightweight and easier to read
  • XML is verbose and schema-based

Most modern web apps use JSON.


7. Web Performance Checkpoints (Manual Testing View)

Q15. What is TTFB?

Answer:
Time To First Byte measures how quickly the server responds.

High TTFB may indicate:

  • Backend slowness
  • Network latency
  • Poor infrastructure

Q16. What manual checks can you do for web performance?

Answer:

  • Page load time observation
  • Network tab analysis
  • API response delay
  • Large resource loading

Manual performance testing identifies visible bottlenecks.


Q17. What is CDN and why is it important?

Answer:
A Content Delivery Network serves static content closer to users.

Manual testers verify:

  • Static files load from CDN
  • Sensitive data is not cached

Q18. How does caching affect performance and security?

Answer:

  • Improves performance
  • Can expose sensitive data if misconfigured

Manual testers validate caching rules carefully.


8. Browser & Device Compatibility Scenarios

Q19. What is cross-browser testing?

Answer:
Cross-browser testing ensures the application works consistently across:

  • Chrome
  • Firefox
  • Edge
  • Safari

Different browsers render HTML, CSS, and JavaScript differently.


Q20. How do you test mobile web applications manually?

Answer:

  • Real devices
  • Emulators/simulators
  • Responsive browser modes

Mobile users expect the same core functionality.


Q21. What are common browser compatibility issues?

Answer:

  • CSS layout breaks
  • JavaScript incompatibility
  • Font and alignment issues

9. Real-Time Manual Web Testing Defects & RCA

Defect 1: Session Not Expiring

  • Issue: User remains logged in after inactivity
  • Impact: Security risk
  • Root Cause: Missing backend session validation
  • Fix: Enforce server-side session timeout
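A sketch of what "enforce server-side session timeout" means in practice, covering the idle-timeout, logout and re-login checks from the session scenarios earlier on the page. This is an added example, not code from the original article; the class names, the in-memory store and the 900-second timeout are assumptions for illustration.

```python
import secrets
import time


class SessionStore:
    """In-memory session store with a server-side idle timeout (illustrative)."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds; assumed policy value
        self.clock = clock
        self._sessions = {}  # session id -> (user, last activity time)

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # fresh, unpredictable ID on every login
        self._sessions[sid] = (user, self.clock())
        return sid

    def validate(self, sid):
        """Run on every request: return the user, or None if the session is dead."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if self.clock() - last_seen > self.idle_timeout:
            del self._sessions[sid]  # expired: drop it on the server
            return None
        self._sessions[sid] = (user, self.clock())  # activity resets the idle timer
        return user

    def logout(self, sid):
        self._sessions.pop(sid, None)  # the old ID must stop working immediately


class FakeClock:
    # Controllable clock so the timeout can be exercised without waiting.
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def idle_then_act(idle_seconds, idle_timeout=900):
    """Log in, stay idle, then act: returns the user, or None if logged out."""
    clock = FakeClock()
    store = SessionStore(idle_timeout, clock)
    sid = store.login("alice")
    clock.now += idle_seconds
    return store.validate(sid)
```

The check lives in `validate`, on the server, so a client that keeps sending an old cookie is still rejected once the idle window has passed.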

Defect 2: Stored XSS Vulnerability

  • Issue: Script executes for all users
  • Impact: Cookie theft
  • Root Cause: Missing output encoding
  • Fix: Encode user input before rendering

Defect 3: API Returns 500 Error

  • Issue: API fails for large input
  • Impact: UI displays blank data
  • Root Cause: Missing backend validation
  • Fix: Validate payload and return proper error

10. Defect Logging Format + RCA + Priority/Severity

Sample Defect Template

  • Defect ID
  • Summary
  • Environment
  • Steps to Reproduce
  • Expected Result
  • Actual Result
  • Screenshots / Logs
  • Severity
  • Priority

Severity vs Priority

  • Severity: Impact on application
  • Priority: Urgency of fix

Security defects usually have high severity and high priority.


11. Quick Revision Sheet (Interview-Ready)

  • Manual web testing = user + risk focus
  • Login, sessions, cookies are high-risk
  • XSS, SQLi, CSRF are must-know
  • API basics are expected
  • Performance affects user trust
  • Cross-browser testing is critical
  • RCA shows tester maturity

12. FAQs – Manual Web Testing Interview Questions

Q: Is automation required for manual web testers?
No, but understanding basics helps career growth.

Q: Should manual testers know HTML, CSS, JavaScript?
Yes. Basic knowledge improves debugging and RCA.

Q: What is the most important skill for a manual tester?
Observation, analytical thinking, and scenario creation.
