Verification answers the question “Am I building the product correctly?” i.e. Does the product do what the requirements said that it should do. Verification is a low-level activity, done by testers and developers mostly, and performed during development on key artifacts, like walkthroughs, reviews and inspections, mentor feedback, training, checklists and standards. It is a Demonstration of consistency, completeness, and correctness of the software at each stage and between each stage of the development life cycle.
According to the Capability Maturity Model(CMMI-SW v1.1) we can also define verification as the process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase. [IEEE-STD-610].
Validation answers the question “Ami I building the right product?” i.e. Does the product being built actually fulfill its intended purpose and meet the client’s needs? Validation is done at the end of the development process and takes place after verifications are completed. It is a High level activity, performed after a work product is produced against established criteria ensuring that the product integrates correctly into the environment.
According to the Capability Maturity Model(CMMI-SW v1.1) we can also define validation as The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. [IEEE-STD-610].
When you have a series of test cases in a script using an “assert” will halt the test run when it encounter a failure. On the other hand with a “verify” command it will continue to run and log the rest of the tests regardless of failures.
So the choice really dependent on the function you are testing. For example, if you have an email submission form and you want to test that the data verification module works for each input then you can test each input and just return the fail/pass results. Here you will use a verify statement.
But if on the same email submission form if you are testing the email submission functionality then if the first field, lets say, First name is not functioning properly then there is no point in testing the rest of the submission process, Here you will use an assert.
In practice however you use a combination of both. The Selenium documentation gives details of how this is done here.
While the terms a seem similar and in a certain way they are because they both test the integrity of the application “Security Testing” is and umbrella terms for all forms of testing done on an application to test whether the data that is in the system has the necessary protections (is it encrypted, can it be accessed by incorrect logins, etc. “Penetration testing” on the other hand is a specific secutiry test technique which is a black-box testing technique done to determine whether the system or network is protected from malicious sources. These are primaily to see if the network or system if susceptible to DDOS attacks, or whether there are open ports on the network that can be used to access server information, etc.
Selenium does not have the capability to automate captchas. This must be done manually by the tester. Ideally during the test period the tester should collaborate with the development team to disable the captcha temporarily so that the tests could be run unsupervised.