Web Based Manual Testing Interview Questions (Complete Guide with Answers, Scenarios & Real-Time Examples)

1. What is Web Application Testing?

Web application testing is the process of validating a web-based application to ensure it works correctly, securely, and efficiently across different browsers, devices, and user conditions.

In web based manual testing, a tester validates:

  • Functional behavior (what the system does)
  • User interface and usability
  • Session handling and cookies
  • Security vulnerabilities
  • Performance bottlenecks
  • Browser and device compatibility

Unlike automation, manual testing focuses on human judgment, exploratory testing, real-user behavior, and catching issues that scripts often miss.


2. Functional Testing Scenarios for Web Applications

Core Functional Test Scenarios

  • User registration with valid and invalid data
  • Login and logout functionality
  • Password reset and forgot password flow
  • Navigation between pages
  • Form submission and validation
  • Role-based access (admin vs user)
  • Error message handling
  • Data persistence after refresh or relogin

Login Test Scenarios

  • Login with valid username and password
  • Login with invalid credentials
  • Blank username or password
  • Password masking
  • Error message correctness
  • Account lock after multiple failures
  • Login from different browsers/devices
  • Login using bookmarked URL

Session Timeout Test Scenarios

  • Session expires after configured idle time
  • User redirected to login after timeout
  • Back button does not restore session
  • Session ID regenerated after login
  • Session invalidated on logout
  • Multiple tabs behavior after logout

Cookies Test Scenarios

  • Cookies created after login
  • Cookie expiry matches session timeout
  • Cookies marked as Secure and HttpOnly
  • Cookies not accessible via JavaScript
  • No sensitive data stored in cookies
  • Cookies deleted on logout

Cache Test Scenarios

  • Sensitive pages not cached
  • Browser refresh does not expose secure data
  • Back button after logout does not display pages
  • Cache headers validated
  • CDN caching only static content

3. UI + UX + Responsive + Accessibility Test Cases

UI Test Cases

  • Alignment of text fields, buttons, labels
  • Consistent fonts and colors
  • Proper spacing and padding
  • No overlapping elements
  • Broken images and links
  • Correct error message placement

UX Test Cases

  • Easy navigation and minimal clicks
  • Clear instructions and labels
  • Logical flow between pages
  • Helpful validation messages
  • Predictable system behavior

Responsive Testing

  • Layout adjusts on mobile, tablet, desktop
  • No horizontal scrolling on small screens
  • Responsive menus and buttons
  • Orientation change handling
  • Media queries working correctly

Accessibility Testing

  • Keyboard-only navigation
  • Tab order correctness
  • Screen reader compatibility
  • Alt text for images
  • Proper contrast ratio
  • ARIA labels for dynamic elements

4. Web Based Manual Testing Interview Questions & Answers

Q1. What is web based manual testing?

Answer:
Web based manual testing is the process of manually validating a web application’s functionality, usability, security, and compatibility without using automation tools. It focuses on real user behavior and exploratory testing.


Q2. What are the main components of a web application?

Answer:
Client (browser), server, database, network, APIs, and third-party integrations.


Q3. What types of testing are performed on web applications?

Answer:
Functional, UI, usability, compatibility, security, performance, accessibility, and regression testing.


Q4. Difference between client-side and server-side validation?

Answer:
Client-side validation improves user experience, but server-side validation is mandatory for security and data integrity.


Q5. What is statelessness in web applications?

Answer:
HTTP is stateless, meaning each request is independent. Sessions and cookies maintain user state.


Q6. How do you test session management manually?

Answer:
By validating session creation, expiration, regeneration, invalidation, and behavior across tabs and browsers.


Q7. What is deep link testing?

Answer:
Testing what happens when internal URLs are accessed directly, without authentication.


Q8. How do you test pagination?

Answer:
Validate page navigation, record counts, sorting, filtering, and performance on large data sets.


Q9. What is boundary value analysis in web forms?

Answer:
Testing input fields at minimum, maximum, and beyond allowed limits.


Q10. How do you test file upload functionality?

Answer:
Validate file size, type, corrupted files, malicious files, and server-side validation.


Q11. What is cross-browser testing?

Answer:
Testing application behavior across different browsers and versions.


Q12. How do you test error handling?

Answer:
Trigger invalid inputs and verify meaningful, user-friendly, and secure error messages.


Q13. What is exploratory testing?

Answer:
Testing without predefined test cases using experience and intuition to find hidden defects.


Q14. How do you test concurrent user access?

Answer:
By logging in from multiple browsers/devices simultaneously.


Q15. How do you validate logout functionality?

Answer:
Ensure session is destroyed, cookies cleared, and back button does not restore access.


5. Security & Penetration-Based Interview Questions

Q16. What is XSS?

Answer:
Cross-Site Scripting allows attackers to inject malicious JavaScript into web pages.

Example:

<script>alert('XSS')</script>


Q17. How do you test XSS manually?

Answer:
Inject scripts into input fields and observe if they execute or are safely encoded.


Q18. What is SQL Injection?

Answer:
SQL Injection occurs when malicious SQL queries manipulate backend databases.

Example:

' OR '1'='1


Q19. How do you test SQL Injection manually?

Answer:
Use special characters, SQL keywords, and observe error messages or data leakage.
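
To show what a tester observes in Q18 and Q19, the following added example (not part of the original guide) runs the quote characters from this page against a login query built by string concatenation and against the parameterized fix. The table layout, function names and in-memory SQLite database are assumptions made for the illustration.

```python
import sqlite3

PAYLOAD = "' OR '1'='1"  # the example string from Q18


def make_db():
    # Constructed sample data. Plaintext password only to keep the demo short;
    # a real application stores password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('testuser', 'Test@123')")
    return db


def login_concatenated(db, username, password):
    # Vulnerable: input is pasted into the SQL text, so quotes in it change the query.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Fixed: placeholders keep the input as data; it is never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def probe(login, db, value):
    """What the tester observes when `value` is submitted as the password."""
    try:
        return "logged in" if login(db, "testuser", value) else "rejected"
    except sqlite3.Error:
        return "sql error"  # a raw database error reaching the user is itself a finding


if __name__ == "__main__":
    db = make_db()
    for value in ("Test@123", "'", PAYLOAD):
        print(repr(value), probe(login_concatenated, db, value),
              probe(login_parameterized, db, value))
```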


Q20. What is CSRF?

Answer:
Cross-Site Request Forgery forces authenticated users to perform unwanted actions.


Q21. How do you test CSRF protection?

Answer:
Modify or remove CSRF tokens and verify request rejection.


Q22. What is authentication abuse?

Answer:
Misuse of authentication features like brute force or credential stuffing.


Q23. How do you test brute force protection?

Answer:
Attempt multiple failed logins and verify CAPTCHA, lockout, or rate limiting.


Q24. What is session fixation?

Answer:
Forcing a known session ID on a user and hijacking the session after the user logs in.


Q25. What security headers should be validated?

Answer:
CSP, HSTS, X-Frame-Options, X-Content-Type-Options.


6. API + Web Services Validation Examples

API Testing Scenarios (Manual)

  • Validate request and response structure
  • Verify authentication tokens
  • Validate HTTP status codes
  • Error handling validation
  • Boundary value testing

Common HTTP Status Codes

  • 200 OK
  • 201 Created
  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found
  • 500 Internal Server Error

Sample JSON Request

{
  "username": "testuser",
  "password": "Test@123"
}


Sample XML (SOAP) Request

<loginRequest>
  <username>testuser</username>
  <password>Test@123</password>
</loginRequest>


Postman / SOAPUI Usage

  • Send API requests
  • Validate headers and tokens
  • Verify response time
  • Validate schema and payload

7. Web Performance Checkpoints

Key Performance Metrics

  • TTFB (Time to First Byte)
  • Page load time
  • API response time
  • Throughput
  • Concurrent user handling

CDN & Caching Validation

  • Static content served via CDN
  • Proper cache-control headers
  • No caching of sensitive data
  • Compression enabled

8. Browser & Device Compatibility Scenarios

  • Chrome, Firefox, Edge, Safari
  • Different browser versions
  • Android vs iOS rendering
  • Different screen resolutions
  • JavaScript compatibility issues

9. Real-Time Defects with RCA

Defect 1: Session Active After Logout

  • Severity: High
  • Priority: High
  • Root Cause: Session not invalidated on server
  • Fix: Destroy session token on logout API
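
The server-side behaviour behind the Session Timeout Test Scenarios, Q24 and this defect's fix can be modelled in a few lines. This is an added example, not part of the original guide or of any particular framework; the `SessionStore` class, its method names and the 900-second idle timeout are hypothetical.

```python
import secrets


class SessionStore:
    """Minimal in-memory session table; time is passed in so checks are repeatable."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout
        self.sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def create(self, now):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None, "last_seen": now}
        return sid

    def login(self, old_sid, user, now):
        # Regenerate: drop the pre-login ID so a fixated value is useless afterwards.
        self.sessions.pop(old_sid, None)
        sid = self.create(now)
        self.sessions[sid]["user"] = user
        return sid

    def logout(self, sid):
        # Server-side invalidation; clearing the browser cookie alone is not enough.
        self.sessions.pop(sid, None)

    def current_user(self, sid, now):
        session = self.sessions.get(sid)
        if session is None:
            return None
        if now - session["last_seen"] > self.idle_timeout:
            del self.sessions[sid]  # idle timeout reached
            return None
        session["last_seen"] = now
        return session["user"]


def session_checks():
    store = SessionStore(idle_timeout=900)
    pre = store.create(now=0)  # ID issued before login
    sid = store.login(pre, "testuser", now=10)
    results = {
        "id_regenerated_on_login": sid != pre and store.current_user(pre, 11) is None,
        "active_session_works": store.current_user(sid, 20) == "testuser",
    }
    store.logout(sid)
    results["invalid_after_logout"] = store.current_user(sid, 21) is None
    idle = store.login(store.create(now=30), "testuser", now=30)
    results["expired_after_idle"] = store.current_user(idle, 30 + 901) is None
    return results
```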

Defect 2: XSS in Feedback Field

  • Root Cause: Missing output encoding
  • Fix: Encode user input before rendering
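
The root cause and fix above, together with the Q17 check of whether input "executes or is safely encoded", look like this in code. This is an added example, not part of the original guide; the render and classify functions are hypothetical, and the payload is the one shown under Q16.

```python
import html

PAYLOAD = "<script>alert('XSS')</script>"  # the example string from Q16


def render_feedback_unencoded(comment):
    # Defect: user input is concatenated into the markup as-is.
    return '<div class="feedback">' + comment + "</div>"


def render_feedback_encoded(comment):
    # Fix: HTML-encode on output. This covers HTML body and quoted attribute
    # contexts only; JavaScript and URL contexts need their own encoders.
    return '<div class="feedback">' + html.escape(comment, quote=True) + "</div>"


def classify_reflection(body, payload):
    """Classify what the tester sees in the page source after submitting payload."""
    if payload in body:
        return "reflected raw"  # the browser would parse it as markup: defect
    if html.escape(payload, quote=True) in body:
        return "encoded"        # shown as text: pass
    return "not reflected"


if __name__ == "__main__":
    for render in (render_feedback_unencoded, render_feedback_encoded):
        print(render.__name__, classify_reflection(render(PAYLOAD), PAYLOAD))
```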

Defect 3: Slow Page Load

  • Root Cause: Large uncompressed images
  • Fix: Image optimization and CDN usage

10. Defect Logging Format + RCA

Defect Template

  • Defect ID
  • Summary
  • Steps to Reproduce
  • Expected Result
  • Actual Result
  • Severity
  • Priority
  • Root Cause
  • Environment

Severity vs Priority

  • Severity: Impact on system
  • Priority: Urgency of fix

11. Quick Revision Sheet

  • Validate login and sessions
  • Test cookies and cache
  • Perform security checks
  • Validate APIs independently
  • Test UI responsiveness
  • Verify cross-browser compatibility
  • Perform RCA for critical defects

12. FAQs + CTA

FAQ 1: Is automation required for web manual testers?

No. Manual testers focus on logic, usability, and exploratory testing, though automation knowledge is an advantage.

FAQ 2: Do manual testers need API knowledge?

Yes. Basic API understanding helps validate backend behavior.
