Posts

Cynefin beginnings

Cynefin had been on my radar ever since I joined The House. It seemed an interesting idea worthy of further pursuit, so I decided to attend a training on this topic in London this April.



My first thought was "What am I doing here?!" - the other attendees were a mix of scrum masters, project managers and the like, which was actually to be expected. Cynefin is a decision-making framework which seems to be applicable mainly in management, but my firm belief is that testing can benefit from it equally.
My goal was, however, to find out more about Cynefin and how to apply it to my work as a software tester. I expect it will take some time for my thoughts on this to fully settle and for me to get the whole picture from this training. My colleagues have already got some very good insights from Cynefin; my goal is to follow this path. The purpose of this blog is to summarize my thoughts on this so I can revisit them later in my life and maybe see how much my understanding has changed.

Finding out in…
Recent posts

Testing impact on security

... or the impact when testing is lacking?

Security breaches, hacks, exploits, major ransomware attacks - their frequency
seems to have increased recently. These can result in financial, credibility and data
loss, and increasingly the endangerment of human lives.

I don't want to propose that testing will always prevent these situations.
There were probably testers present (and I'm sure often also security testers) when
such systems were created. I think that there was simply a general lack of
risk-awareness on these projects.

There are many tools and techniques, from a purely technical point of view, to harden software in a security context. Some of them have automated scans which crawl through your website and might discover the low-hanging fruit of security weaknesses (ZAP, Burp Suite...), without much technical knowledge from the person operating them. The more important aspect, however, is the mindset with which you approach the product. The tester is often the first person to discov…

Kali Linux 101

Linux was always a bit too 'geeky' a thing for me. My recent time on the bench, however, provided me with time and motivation to go into this "terra incognita".
The intention was originally to learn some foundations of security testing. After a while I discovered that Kali Linux could also provide benefits for the everyday testing routine. The following is a simple set of tools that will support and enhance your testing.

whatweb - a web scanner which provides information about the technologies used on the website, mail addresses found and much more.
Example (type into a terminal in Kali Linux): whatweb -v https://www.houseoftest.rocks/

whois - provides domain and legal information about the target website (where it is registered, owner, address, etc.).
Example: whois houseoftest.rocks

cewl - outputs all the words contained in the target website. You never know when such a feature will come in handy. You can of course also output into a file.
Example: cewl https://www.houseoftest.ro…

Don't blindly follow requirements

Each rule/requirement has a reason to exist, and I firmly believe the written form of the rule rarely mirrors the intention 100%.
A really nice example of this is the following situation:
Rule/Requirement -> Person on ID photo shouldn't have glasses on

If you look closely you can see my glasses, which is a clear breach of the rule.
PS: To you, my fellow clerk in the Swiss Strassenverkehrsamt: I'm not angry at you, but when the AI kicks in, you will be the first to be replaced by a computer ;)

Testers toolkit

As every craftsman needs his tools, testers are no exception.

This weekend I was at SOCRATES SWITZERLAND (SOftware CRAftsmanship and TESting), where we also talked about useful everyday tools.

This list tries to be as general as possible, to provide tools which can be useful for most parts of everyday work; more specialised test-useful tools are very context dependent. I use most of the tools mentioned here and believe they can also provide value to you.

Documenting

Screenshot - a good picture is worth a thousand words, and this applies especially to testing. The following are some screenshotting tools and editors I have used and can recommend:
Lightscreen - simple tool for capturing pictures, free, cannot edit the pictures
FastStone - screen capturing tool and editor, cheap & gets the job done
Snagit - very powerful screen capturing tool and graphic editor, with many functions which you never knew you could do but won't be able to live without afterwards, a bit pricey

Recording (Flashback Express) - well a…

RTI - training for testers in Bratislava

I wanted to contribute to the testing culture of my company, so I decided to lead a training.

I was trying to condense the Rapid Testing Intensive 3-day online course from James Bach and Michael Bolton into a 6-hour training class.

It went quite well, in my opinion. I don’t want to reproduce the theory part of it, which you can see here

The practical part was more interesting: each of the participants was testing a freeware screenshot tool (which I'd rather not mention here). We were surprised how many bugs we found in a publicly used tool, some of them crashing the whole application.

Our Mission: