I solved the first problem by using explicitly Wait.

//wait until error message display
    expliciticWait.until(
            ExpectedConditions.visibilityOfElementLocated(
                    By.xpath(".//*[@id='ajax_loginform']/p[@class='response']")));

    //verify that "ERROR: Invalid login credentials." display
    WebElement errorMessage = driver.findElement(By.xpath(".//*[@id='ajax_loginform']/p[@class='response']"));
    String innerHTML = errorMessage.getAttribute("innerhtml");
    System.out.println(innerHTML);
    System.out.println(errorMessage.getText());
    Assert.assertEquals(errorMessage.getText(), "ERROR: Invalid login credentials.");

But the second problem is when I identify error message using following XPath expression still not solved.

".//*[@id='ajax_loginform']/p[contains(text(), 'ERROR']"

I would like to use this XPath expression because the web updates.

Shorter answer in single line is "Yes, both types uses same method but CSV if preferred because this provides real world data & analysis."

Long answer, for JMeter or any other performance test tools (as far as I know about others), it doesn't matter if you are using any CSV/Excel or any other data input method or not for creating load, as long as the number of threads are same (exception is related to application, which I tell later in answer). Performance test tools are concerned about the Load not about the input methods.

But, yes using parameterization in Performance testing is a recommended, preferred and good practice, because of many reasons like:-

1. Want to test how the application react with different type of users
2. Want to test how the application react with different type of data sets being returned from a search query.
3. Want to achieve a more closer real world scenario

See, what a load test tool do? It only simulates 100s or 1000s of users and provide their results; which can't be generated manually. It means tool has to perform the work and task of 100s of users and every user is different in real world (with their test data, their permission set etc.). That's why we use CSV files to feed performance tests, so that it can provide results as per the different users load.

We do performance testing, to achieve benchmarks and to satisfy all users need, what if we satisfy only 1 user need and generalize it to rest of the N-1 users.

Another, reason is for making the performance tests Robust, for example (based on applications I have load tested)

1. If application is having a business logic that 1 user can login only 1 time and if same user login again, then he/she will be logged out from 1st session. In such a case you have to pass all required 20 or more users via CSV files.
2. Another is, lets say your application have some Business logic which accepts current date or some ID which is unique in application, now for the former part if you need to run your tests over a week or month, then either you need to change the script or just change the CSV file value and in the later case as the ID should be unique, so for creating 20 records you can't use the same hard coded value, hence you need to parameterize values
3. Your application has different role users and permission set of different role of users is different and so the logic behind getting permission set. Now, if you use same user all the time, then either because of caching or because of getting same permission set again and again, you will not get the generalize result, it will be specific only for that hard coded role user

In addition to it, you will see the benefit of using CSV files, when you need to do volume testing (part of performance), here you will need to first create data with different data sets and then do performance testing, here using CSV files you can easily create multiple sets of data and increase size of your database. Load testing a Facebook shared image with 1000 comments with 100 users and load testing a Facebook image with no comment with 100 users both are different scenarios and with CSV file you can easily create 1000 comments with different or same number of users.

Because, firing a select query over 10 record table and 10,000 record table will show performance change and for setting benchmark you will need to insert these 10,000 records first in your application and then display them through application.

Obviously, you can't test everything. The question then is, how can you test as many of the most important things in the time you have available? This is a big question as written, and I'm only going to be able to cover it at a very high level. Apologies if I am not answering at the level you wanted, or if this answer is too basic

First of all, try and come up with equivalence classes. There should be some broad categories of error types that you can test for, specifically. Wrapping around the edge, resizing the screen, large numbers of blocks, etc. Do a rough sort of these equivalence classes in priority order, and start writing automated tests for them from highest priority to lowest. Prioritize based on the reduction in risk you think you will achieve for the time it takes to automate that test. Deprioritize tests that are hard to automate, or put them on a list of manual tests. These automated tests will become your regression test suite.

You may find that there are some cases where you have lots of parameters and cannot test all the combinations; in these cases, you may have to do some research into combinatorial testing to work out the proper way to get the best coverage with the time and resources you have.

Work with the developers (who absolutely need to be writing unit tests - you won't have time to do all the unit tests as well unless your dev / test ratio is less than 1) to ensure that tests are being written at the proper level. Many things should be covered in unit tests with mocks that may not need additional coverage in integration tests.

Test as much as you can without the UI; UI tests are the most expensive to maintain. Anything you can test at the API level or lower will be more free time to spend on exploratory testing (below). Make sure your tests at the UI level include saving screen shots on failure, so you can see what the error looks like.

In addition, plan on investing in manual exploratory testing. There are a lot of approaches to exploratory testing; one you should probably start with is taking the equivalence classes you haven't automated yet and start testing around them, manually, taking careful notes as you go. You will probably discover additional equivalence classes and tests as you go - either perform them as you think of them, or capture them somewhere so you can add them to your prioritized list later. When you find bugs, make sure you add automated regression tests for those bugs or create a workitem / JIRA ticket / etc. to track the missing test.

Exploratory testing is something of an art, and there are many techniques that people use to be more successful. James Bach and James Whittaker are both good resources, IME. James Bach has a good introduction to exploratory testing, and James Whittaker's exploratory testing tours may also be helpful. These "tours" are different ways to look at your software to uncover different classes of bugs.

If you have the time and resources, I would investigate to see if you can create some automated exploratory tests. These are tests that generate scenarios to test according to some algorithm, usually involving some random behavior but also some logic based on what you think would be interesting to examine, and then run a series of checks to determine if the scenario that was generated might have a bug in it (Do the logs have exceptions? Are elements overlapping on the screen that shouldn't be? Is too much memory being used? Did you get a stack overflow? Etc.). You can probably come up with good checks based on bugs you find through normal regression testing and manual exploratory testing. If the test might be hitting a bug, the test will try to capture any useful information - screenshots, exception stack traces, etc. - and will save that information somewhere for you to go over the next day and triage for real bugs.

Automated exploratory tests can run overnight and cover far more "turf" than what you could do manually, but will miss some bugs that will be really obvious to the human eye. At the same time, they may also catch some bugs that aren't always visible, but could cause problems under some circumstances (especially memory issues, etc., which can be tedious to test by hand). Good design is critical to making these tests as useful as they can be, as you may want to use several different algorithms to generate scenarios and use configuration to alter how often you use which algorithm, so your automated exploratory tests can mature along with the code base. Note that this style of testing is very important for a high level of polish, but also is time-intensive and resource-intensive. You simply may not have time to engage in it.

In my framework, I do not write code for any of the the webelements. I just store the locators (it is in Python, so simple dictionary literal works pretty well) in pageobject file for the page. I generate webelement from that as I need them - this saves lots of code. I could pretend I use factory pattern, but I don't - it is all much simpler than that, because Python's dynamic typing ignores type nazis and makes difficult things simple.

My advice would be not to start with framework. Start with coding what you need, and refactor as you learn more what your code need. Unless you are really experienced Java hacker with lots of OO design experience - and if you were, you would not be asking this question here, I guess?

I am recording user scenario using QTP 11.0. So I have set up URL to open in IE 11 in Record and Run Settings.

After starting record Security Windows dialog pops up over IE window:

I fill in all the information and click 'OK'. All the actions are displayed in test recording window:

Here is generated VB Script:

Window("Internet Explorer_2").Dialog("Безопасность Windows").WinEdit("Edit").Set "login"
Window("Internet Explorer_2").Dialog("Безопасность Windows").WinEdit("Edit").Type  micTab 
Window("Internet Explorer_2").Dialog("Безопасность Windows").WinEdit("Edit_2").SetSecure "55e843e24276e91e"
Window("Internet Explorer_2").Dialog("Безопасность Windows").WinEdit("Edit_2").Type  micTab 
Window("Internet Explorer_2").Dialog("Безопасность Windows").WinObject("DirectUIHWND").Type  micTab 
Window("Internet Explorer_2").Dialog("Безопасность Windows").WinButton("ОК").Type  micReturn 

But after the authorization is complited and web-page is loaded, not a single action is recorded. Does anyone know how to deal with it?

Researches till now:

Checked Object Identification... parameters for Web:

Checked Web Event Recording Configuration...:

I have been asked to automate the tests while developer has finished only some part of the change in the current sprint.

I have no framework, but I have been asked to concurrently automate the tests, so by the time coding part is done, automated test cases will be in pipeline for execution and thus whole process will be faster.

Is it possible? And Should it be done in this way? I have to use selenium for it.

You are demonstrating the need to learn. Very good indeed! Here is some advise:

1. Correct language usage. If you want to come across well and communicate effectively you need to take the time for this.

2. Read up on methodology. Know your terms and apply them correctly. Avoid common pitfalls.

3. Apply you mind. Look up existing test cases of good quality. Make sure you come to understand the how and why. Talk to other testers and developers, what are they worried about in the functionality? Initiate 2-sided discussions to come to good test approaches. Read up your bug database. How to catch these in your next test case? Etc Etc.

4. Think up more approaches as you go along and have fun.

You could, but you shouldn't. You can just create tests in Visual Studio.

Just use the Selenium NuGet packages and write the tests in C#. This beats having two development envs, one for the app and one for the tests.

Here is an getting started guide: http://automatetheplanet.com/getting-started-webdriver/

Or this older one without the NuGet package, but the dotnet download from SeleniumHQ: http://james-prescott.com/2014/02/01/tutorial-setting-up-selenium-webdriver-visual-studio/

I have a software requirement like "User shall be give a warning if value entered is >100" The requirement does not speak anything about the higher value. So obviously it is an open boundary condition. So how shall we conduct testing with invalid condition? What is the higher value I can consider for testing?

All who are working in Software Industry know that Risk Management is vital part of the Software Quality too. Even for non-IT industry Risk management is equally important, as the Risk might have high impact on the cost, quality, delivery, people and other areas.

But when I read about this topic (as I already searched a lot for this) I am not able to satisfy myself with the information. I have some questions and doubts related to this topic.

1. Some link says that Risk Management should be part of Test Plan and some lays emphasis on it inclusion in Project Plan, I think it is not right to write same risk at two places and tracking them down at two different locations will increase effort. So, which plan should actually contain Risk Management, or it should be completely a separate document?

Multiple times I hear about the term Risk Mitigation and Risk Contingency plans, during Risk Management.

2. What actually Risk Mitigation and Contingency are (few examples will really be helpful for me)?
3. Sometimes, I found that only Mitigation plan is more used and known to persons, but not enough information is there on Contingency plan. Why is that so?
4. Whose responsibility is to define Mitigation and Contingency plan? As in our project anybody goes to the Risk register and write something in it. But there should be some industry level standards on who should define which plan. What are those standards and guidelines?
5. Most of the time, the person defining the Risk also covers the Risk in the Mitigation plan. I think this should not be allowed. Do you agree?
6. Both Risk Management and Incident Management are same or different? If different then what line differentiates between them?