Skip to main content

Testing Mindset

Once upon a time there was a young and naive tester, he was new to the world of software testing. He often felt he didn't have what it took to be a tester. Sure, he found the odd bug, and he enjoyed his work, but he also often missed bugs, issues or problems.

After a while, he admitted to himself that this was a problem, and decided to seek help. He stood up from his desk and walked over to his test manager's desk. His manager was wise and experienced. He was the Mr Miyagi of testing, and as such was always offering zen-like advice for his team. A simple question about where the stapler had escaped to could turn into a somewhat baffling series of Haiku, leaving our young tester baffled.

Our novice explained his problem, and his concerns about how maybe he wasn't cut out for testing. The wise test manager smiled, thought for a moment and then opened his little Moleskine notebook. He turned carefully through the pages, settled on a page, looked up and said: "I overheard there was an issue with the login screens. A few users have reported issues, but not so many to suggest it was completely broken. Can you take a look?"

The tester was young and inexperienced, and this simple mis-direction worked well. Five minutes later he had isolated an issue with the login pages on the company's website. It fitted the bill, it only affected users in a minority web-browser, but would stop some users from logging in. He reported this issue to the programmers to be fixed.

The tester settled back into his routine, and got on with his normal testing work. But it wasn't long before his melancholy returned. He had a couple issues pass him by, despite being especially diligent in checking the conditions of satisfaction and even automating tests for several of them. He thought back to his last attempt at getting help from his test manager and realised he hadn't received an answer or ANY help for that matter.

He walked over to the test managers desk, and asked again for the test manager to help. The test manager looked somewhat puzzled, then lifted his notebook from his pocket, and leafed through the pages. Again he settled on a page, paused, and stated: "We got some feedback that the search function wasn't working. We don't have much to go on, but some users 'saw an error' whatever that might mean."

The tester, was somewhat annoyed at this second attempt at mis-direction and insisted on resolving the problem he asked about FIRST. This was after-all his career they were talking about! So the test manager suggested they talk about it after he'd investigated this latest issue, saying it probably wouldn't take long to sort out if there 'was a real bug' or not.

Within 20 minutes our tester had noticed that certain search terms caused an error in a popular web browser. While not an issue that would appear with every query, it was certainly one that would affect a large section of the users at some time. He quickly reported the issue to the programmers and marched back to the test managers desk.

Our tester started the conversation and explained that he didn't want to be chasing other peoples bugs. He wanted to find his own. Again the test manager smiled his zen-like smile, and picked his Moleskine™ notebook and handed it to the young tester. The young tester was about to lose his temper, when the still calm and collected manager suggested he flicked through the pages.

The now confused tester did just that, expecting to see notes from meetings and bug reports like those he had been given earlier. But instead he just saw one or two words on each page. The words didn't make a sentence or any other pattern - until the tester realised. They were just titles for sections of the website.

One page had "Login" written on it, another had "SECURITY" printed out in capital letters, and yet another page had "Search" scrawled across it. In fact many of the titles would apply to any or at least 'most' websites. The book was a checklist, the test manager wasn't giving him 'second hand' bug reports, he was enlightening him. All software has problems, ambiguities and bugs. So by suggesting a feature had a bug was just the test manager's way of getting his apprentice to approach the problem as a tester should. To approach with an investigative eye and with the expectation that he will learn more about how the software is and isn't working.


Popular posts from this blog

Betting in Testing

“I’ve completed my testing of this feature, and I think it's ready to ship” “Are you willing to bet on that?” No, Don't worry, I’m not going to list various ways you could test the feature better or things you might have forgotten. Instead, I recommend you to ask yourself that question next time you believe you are finished.  Why? It might cause you to analyse your belief more critically. We arrive at a decision usually by means of a mixture of emotion, convention and reason. Considering the question of whether the feature and the app are good enough as a bet is likely to make you use a more evidence-based approach. Testing is gambling with your time to find information about the app. Why do I think I am done here? Would I bet money/reputation on it? I have a checklist stuck to one of my screens, that I read and contemplate when I get to this point. When you have considered the options, you may decide to check some more things or ship the app

Test Engineers, counsel for... all of the above!

Sometimes people discuss test engineers and QA as if they were a sort of police force, patrolling the streets of code looking for offences and offenders. While I can see the parallels, the investigation, checking the veracity of claims and a belief that we are making things safer. The simile soon falls down. But testers are not on the other side of the problem, we work alongside core developers, we often write code and follow all the same procedures (pull requests, planning, requirements analysis etc) they do. We also have the same goals, the delivery of working software that fulfills the team’s/company's goals and avoids harm. "A few good men" a great courtroom drama, all about finding the truth. Software quality, whatever that means for you and your company is helped by Test Engineers. Test Engineers approach the problem from another vantage point. We are the lawyers (& their investigators) in the court-room, sifting the evidence, questioning the facts and viewing t

XSS and Open Redirect on Authentication pages

I recently found a couple of security issues with the website. The site contained an Open redirect as well as an XSS vulnerability. These issues were in the authentication section of the website, . The flaws could provide an easy means to phish customer details and passwords from unsuspecting users. I informed the telegraph's technical management, as part of a responsible disclosure process. The telegraph management forwarded the issue report and thanked me the same day. (12th May 2014) The fix went live between the 11th and 14th of July, 2 months after the issue was reported. The details: The code served via appeared to have 2 vulnerabilities, an open redirect and a reflected Cross Site Scripting (XSS) vulnerability. Both types of vulnerabilty are in the OWASP Top 10 and can be used to manipulate and phish users of a website. As well has potentially hijack a user's session. Compromised URLs, that exp