
Commitments

These commitments are not my own; all the credit goes to James Bach.

I cannot imagine a better way to start my blog:
"
Dear Programmer,

My job is to help you look good. My job is to support you as you create quality; to ease that burden instead of adding to it. In that spirit, I make the following commitments to you.

Sincerely,

Tester
  1. I provide a service. You are an important client of that service. I am not satisfied unless you are satisfied.
  2. I am not the gatekeeper of quality. I don’t “own” quality. Shipping a good product is a goal shared by all of us.
  3. I will test your code as soon as I can after you deliver it to me. I know that you need my test results quickly (especially for fixes and new features).
  4. I will strive to test in a way that allows you to be fully productive. I will not be a bottleneck.
  5. I’ll make every reasonable effort to test, even if I have only partial information about the product.
  6. I will learn the product quickly, and make use of that knowledge to test more cleverly.
  7. I will test important things first, and try to find important problems. (I will also report things you might consider unimportant, just in case they turn out to be important after all, but I will spend less time on those.)
  8. I will strive to test in the interests of everyone whose opinions matter, including you, so that you can make better decisions about the product.
  9. I will write clear, concise, thoughtful, and respectful problem reports. (I may make suggestions about design, but I will never presume to be the designer.)
  10. I will let you know how I’m testing, and invite your comments. And I will confer with you about little things you can do to make the product much easier to test.
  11. I invite your special requests, such as if you need me to spot check something for you, help you document something, or run a special kind of test.
  12. I will not carelessly waste your time. Or if I do, I will learn from that mistake.
"


Popular posts from this blog

Testing impact on security

... or the impact when testing is lacking?

Security breaches, hacks, exploits, major ransomware attacks - their frequency
seems to have increased recently. These can result in financial, credibility and data
loss, and increasingly in the endangerment of human lives.

I don't want to propose that testing will always prevent these situations.
There were probably testers present (and I'm sure often also security testers) when
such systems were created. I think that there was simply a general lack of
risk-awareness on these projects.

From a purely technical point of view, there are many tools and techniques to harden software in a security context. Some of them offer automated scans which crawl through your website and might discover the low-hanging fruit of security weaknesses (ZAP, Burp Suite...), without requiring much technical knowledge from the person operating them. The more important aspect, however, is the mindset with which you approach the product. The tester is often the first person to discov…

Kali Linux 101

Linux was always a bit too 'geeky' for me. However, my recent time on the bench gave me the time and motivation to go into this "terra incognita".
The intention was originally to learn some foundations of security testing. After a while I discovered that Kali Linux could also provide benefits for the everyday testing routine. The following is a simple set of tools that will support and enhance your testing.

whatweb: WhatWeb is a web scanner which provides information about the technologies used on the website, mail addresses found and much more.
Example (type into a terminal in Kali Linux): whatweb -v https://www.houseoftest.rocks/


whois: Provides domain and legal information about the target website (where it is registered, owner, address, etc.)
Example: whois houseoftest.rocks



cewl: Outputs all the words contained in the target website. You never know when such a feature will come in handy. You can also write the output to a file, of course.
Example: cewl https://www.houseoftest.ro…

Thrown into automation

Situation & Problem

I was thrown into an automation test project.

Concretely, it was test automation of 3 different applications (different in purpose, look, structure, behavior) whose regression testing was covered only by an automation test suite written in AutoIt; the code was quite complex and huge for a person new to automation.
Well, that was not the problem; it is a description of the situation.

The problems weren't initially visible. I had never automated before, so I needed to learn quite a bit of the code and get to know all the applications that were part of the project.

The problems were not so appealing at the start, but I would formulate them as:
  - Maintenance of the scripts took too long
  - With new versions of the application, it took some time to adjust the scripts to the changes
  - This caused a delay in the information flow from testers to managers & developers
  - The changes in the application were not clearly communicated to testers
  - Testing was purely t…