Practice Site · QA Lab
Buggy Web App.
Sign in to TaskFlow — a multi-page project-management app with a dashboard, tasks board, projects, team and settings — and hunt 13 realistic seeded bugs across authentication, validation, permissions, state persistence, search, notifications and file upload. Use the 🔄 Refresh button to expose changes that look saved but never persisted.
On this page19 sections
// WHAT YOU'LL PRACTISE
- Exploratory testing
- Bug discovery
- Bug reporting
- Severity and priority assessment
- Regression testing
- UI testing
- State testing
- Permission testing
- Search testing
- Basic API investigation
- Automation of failing scenarios
// WHO THIS IS FOR
// APP MODULES
// TEST DATA
Ready-to-use data for positive, negative and boundary scenarios.
Users
Tasks
Files
// PRACTICE MISSIONS
Small, focused tasks to warm up before the full lab.
Find 5 permission bugs
Exploratory testing, authorization testing
→ Bug reports with evidenceRun a 30-minute exploratory charter
Charter-based testing, note-taking
→ Session notes, bug listCatch the 'saved but not persisted' bugs
State / persistence testing
→ Regression checklist// EXPLORATORY CHARTERS
Time-boxed missions for a session-based exploratory test — pick one and take notes.
- 1Explore login and registration for 30 minutes — try empty, wrong and missing credentials.
- 2Explore task creation, editing and deletion — push validation and state persistence.
- 3Explore permissions between two users — can you act on data you don't own?
- 4Explore mobile layout and keyboard-only navigation across the app.
- 5Explore broken states after refresh, the back button and logout.
// TEST SCENARIOS
Challenge 1 · Sign in
- Test the login form — try an empty password, a wrong password and a missing email. Does authentication actually verify the password?
Challenge 2 · Dashboard
- Cross-check the dashboard stats against the Tasks board. Do the counts (especially Open tasks) match reality?
Challenge 3 · Tasks board
- Create, assign, move, edit and delete tasks. Look for validation, error-handling, permission, state-persistence and notification bugs. Use Refresh to check what really saved.
Challenge 4 · Search, projects & team
- Test task search (case sensitivity, empty results), archived-project actions, and the team invite form's email validation.
Challenge 5 · Settings & regression
- Test profile save (then Refresh) and document upload (try a file over 1 MB). Then build a regression checklist that would catch every bug you found.
// SEEDED BUGS
This app seeds 13 bugs. Try to find them first, then reveal the answer guide to check your findings — each row links to its Common Bugs category.
| Bug | Example | Skill | Common Bugs |
|---|---|---|---|
| Login accepts any password | Sign in succeeds with an empty or wrong password | Authentication testing | Authentication bugs → |
| Dashboard stat miscount | "Open tasks" undercounts — In-progress tasks are dropped | Data validation | Data bugs → |
| Required field bug | A task can be created without a title | Validation testing | UI bugs → |
| API 500 bug | A long or odd title shows a raw 500 instead of validation | Error handling | API bugs → |
| Permission bug | You can edit and delete tasks owned by other users | Authorization testing | Permission bugs → |
| State bug | A task status change reverts after Refresh (never persisted) | State / persistence testing | Data bugs → |
| Search bug | Task search is unexpectedly case-sensitive | Search testing | Search bugs → |
| Notification bug | Assigning a task to someone never notifies them | Notification testing | Notification bugs → |
| Comment bug | A deleted comment reappears after Refresh | Data consistency | Data bugs → |
| Archived project editable | An archived project still exposes an enabled Edit action | Business rule / authorization testing | Permission bugs → |
| Invite validation bug | Team invite accepts an invalid email like "notanemail" | Form validation | UI bugs → |
| Profile not persisted | Settings save says "Saved" but reverts after Refresh | Regression testing | Data bugs → |
| Upload bug | A document over 1 MB shows success but is not saved | File testing | File upload bugs → |
Steps to reproduce
- Sign in and open a task owned by a different user
- Use the Edit action and change the title
- Save and refresh
Expected: Edit / delete are blocked for tasks you do not own.
Actual: The change is accepted and persists — no ownership check.
// REGRESSION CHECKLIST
The checks that would catch every seeded bug — reveal once you've done your own pass.
- Login rejects an empty or wrong password
- Dashboard counts match the tasks board
- A task cannot be created without a title
- Users cannot edit tasks they do not own
- Status changes survive a refresh
- Assigning a task notifies the assignee
// SELF-CHECK
A quick way to gauge how far you got — no account, no score, just a personal yardstick.
Bronze
Found 5 bugs.
Silver
Found 10 bugs with clear, reproducible reports.
Gold
Found 15 bugs and wrote regression tests for the worst.
Portfolio-ready
Added automation or exploratory session notes.
// MANUAL & AUTOMATION TASKS
Manual testing tasks
- Perform a 30-minute exploratory test session.
- Create a mind map or checklist of tested areas.
- Report at least 10 bugs.
- Assign severity and priority to each bug.
- Create reproduction steps with expected and actual results.
- Retest selected bugs after simulated fixes.
Automation tasks
- Automate login validation.
- Automate task-creation validation.
- Automate search behaviour.
- Automate an attachment negative scenario.
- Automate permission-bug checks.
- Create regression tests for reported bugs.
// INTERVIEW MODE
Reflection questions to rehearse how you'd talk through testing this app.
// WHAT YOU'LL PRODUCE
// SUGGESTED TOOLS
// AUTOMATION STARTERS
Fork a ready-made framework to automate this app — each sample ships with setup, CI and reporting.
// DOWNLOADS
// PORTFOLIO WRITE-UP
Use this as a starting point for your CV, LinkedIn or portfolio — swap in the tools and findings that are actually yours.
I tested a deliberately buggy SaaS-style web app using exploratory testing. I found and documented issues across login, tasks, search, attachments, permissions and responsive UI. I wrote clear bug reports with severity, priority and reproduction steps, then created regression checks for the most important bugs.
// NEXT RECOMMENDED APP
E-commerce Practice App
Practise search, filters, product pages, cart, checkout, payment simulation, discount codes and order history — manual, automation and responsive testing in one app.