The white card below is a simulation of a login screen. Your valid test credentials are: tester@resync.nz / Password123. Use guided mode to see the bug list, or blind mode to hunt them yourself.
Techniques: Spec vs reality, Equivalence partitioning
Member Login
Enter your email and password to access your dashboard.
Your findings
0 / 0 bugs foundTick each bug as you confirm it on the page above. Progress saves automatically.
Write down every logic bug you find. Think about user expectations and security best practices.
Planted logic bugs (6)
- Case Sensitivity: Try logging in as
Tester@resync.nz. It fails, even though email addresses should be case-insensitive in most systems. - Password Masking: The password field uses
type="text", exposing the sensitive password to anyone looking at the screen. - Silent Validation Failure: Try an email without an
@. The button does nothing. A user would assume the site is broken because there is no error message. - Trailing Whitespace: If you accidentally paste a space after your email, the login fails. Systems should usually
trim()user input. - Success Loop: Upon "Success", the page simply reloads the login screen. The user never actually gets into the dashboard.
- "Remember Me" Reset: Ticking the checkbox clears the password field—a weird and frustrating interaction bug.
Logic bugs are harder to find than typos because you have to think like a user (and a hacker). Always test the boundaries!