Before several months when I heard about Weekend Testing I thought what an amazing initiation took by Ajay Balamurgadas, Manoj M V, Parimala Shankariaha, Sharath Byregowda with a great inspiration from Pradeep Soundararajan. My apologies that it has been late for me to write a blog post about WT (From now on, I will refer Weekend Testing as WT in my upcoming posts about WT).
What hit my mind when I heard about this idea?
I thought how could no one think about this before? Because, they were not bothered about bringing a change in the community or May be there are numerous reasons. But what matters is that finally it was initiated by passionate testers from Bangalore.
What do they do in WT?
You might be having this question in your mind. Instead of me elaborating on the answer to this question I would like you to visit http://www.weekendtesting.com/ to find out much more.
Recently, Ajay Balamurugadas gave an paper presentation in STC 2009 & there were amazing comments given by Michael Bolton. Also, James Bach blogged about WT in his blog. I heard from Pradeep Soundararajan that Ajay gave a awesome presentation. I was happy to see some kind of cool initiation that would account for bringing the change in the community.
WT is growing each and every second. Every weekend there are new testers coming in and testing various products depending on the mission given to them. If you are not still participating in WT then I think you are missing a great opportunity.
Registration and other details you can find it out at WT official website http://www.weekendtesting.com/ or you can contact the founders of WT.
While I was attending Michael Bolton’s workshop on 17th November, 2009 he assigned us with some activity. I created a text file and saved it. Later, when I pointed on the text file it said, “Created on as 2055 year”. Then I checked the clock settings and it was also 2055 (I remembered that I had set it to 2055 before few days while I was just trying to find problems in Microsoft clock.
Then I changed the clock setting to the proper date. Now I pointed on the text file and it still said, “2055” year. Now the question is doesn’t it sound weird when you show the text file to your friend which says, “It is created in the future 2055 year”. What do you think about this scenario? Is it a problem or no problem? Let us debate on this scenario?
Most of you must be using record and playback tools like QTP, Selenium etc. But I have heard from some people that QTP, Selenium and other god automation tools doesn't work with or support their application (What? You must be kidding, how can QTP not support your application - It is a GOD for automation *LOL*). When these people say that they couldn't figure out a way, I remember a quote - "A fool with a tool is still a fool". Most of the people search for tools from great vendor list. What about open source? They can do wonders. What about tools that have been not listed in Open Source tools?
I found a tool which is of 920 kb size and can do wonders as a simple record and playback. You have the tool but you need to think how you can utilize it. In what ways can you utilize it. The name of the Record and Playback tool I discovered is, "Auto Clicker & Typer" (This tool doesn't require you to take training or go through the Help Documentation in order to use it). You can just download it and you will know how to use it. But with a tool also comes few limitations. But to some extent you will find this tool useful.
Now don't give comments like, "Where can I download it from?", "Please give me the link" and blah blah blah. Google is your friend.
Today morning, I woke up and was writing an article. You must be knowing that in "Blogger Editor" whenever you are writing a post the editor keeps saving the draft copy so that you don't lose any of your work. But when I was typing I got some weird message. Look at the image below,
In the image, you can see that at the bottom that there is an error message which says, "Post was not saved due to form errors" but also you can see that "Button has a text SAVED". Before "SAVED was SAVE NOW text in the button". This makes me to think that, "Has my post been saved or not" as it claims both saying that my post was not saved as well as saved.
Have you seen such kind of error messages which are not usable? If not you must be willing to see more of these right? If you were not known about Ben Simo's blog then you must visit it to know problems.
I predict that there are many more problems associated with the Blogger. This problem was found by me accidentally while I was writing an article.
Consider the following image which is a login screen of WordPress product,
I have seen many people struggling to find problems with the "Log in" screen. May be test cases say to them, "You are not allowed to think, Just follow the script & you will be fine". But my question to such people is, "Have you really done your job"? What kind of loop holes can a login screen have if you have not even touched that part of login screen. What kind of potential problems it might have? The most answers I have seen in some of the forums for testing login screen are, "Test for SQL Injection, Test for Boundary Value Analysis and few more obvious tests". But have you thought beyond these obvious tests? You can see an image Wordpress Log in screen. Now, I am going to list the test ideas that I came up with for testing WordPress login screen. Err, it doesn't mean you can't apply these ideas to other login screen. Some ideas might work for any login screen.
So here I go with my test ideas,
1.Check what is the maximum size set for the input
2.Check what kind of characters does it allow
3.Check if the database is vulnerable to SQL Injection
4.Check if there is any way that you can know the credentials from the code
5.Check if the URL shows the entries of the inputs in encrypted or normal way
6.Check what happens when you give different combinations of inputs
Example combinations can be –
a.Wrong username – wrong password
b.Wrong username – correct password
c.Correct username – wrong password
d.Correct username – correct password
e.Special characters in both the fields
f.Username with special characters – Password with alphanumeric
g.Much more combinations that your mind can think of
7.Check if you can crash the database by entering more characters than maximum size from any of the browser that doesn’t support “size” variable to be processed
8.Check if the validation is done on client as well as server side
9.Check if there is any cookie that is going to be stored during login
10.Check if there is any session time out for idling for certain period of time
11.Check if HTML code or Javascript code can be inserted through the text fields
12.Check if username can be copy pasted – Why do I need to check copy paste for username? (Password copy paste check is fine but why username?) Most of the people use usernames which are hard to remember (Note that usernames can be even complex as password so most of the people copy it and paste it in the username field to save time)
13.Check if password is showing asterisk or anything but not the password
14.Check if “Remember Me” feature is functioning properly – Check in the browsers which are widely used)
15.Check how is the password getting stored and where is it getting stored and any user have access to that area to steal the password in absence of the real owner of that account
16.Check if there are minimum characters that has to be entered to process the login – if “YES” how many?
Do some scenario testing,
17.A & B are two users who use cyber computer. A comes to cyber and logs in to his/her account and suddenly the power goes off & there is no UPS. Now A has not logged out & A waits for some time for the power to come and after a long wait A leaves the cyber. Now when the power comes user B logs into the same computer that A used and in IE or Mozilla Firefox he/she types the URL of the account that A used.
From the above scenario,
a.Check if “A” has been logged out as there was no activity for certain period of time.
b.Check if even after “A” went to another cyber where there was power and then logged out & still B is able to access the privileges of user A?
18.A & B are two users who are using cyber computer, A is currently logged in. A gets a call on his/her phone & goes out for some time to talk his/her friend. Now B has access to A’s machine and he/she tries to change the password of A.
a.From the above scenario, you need to check if the product has security enabled like, it asks for Current Password and then new password.
b.If it doesn’t ask for current password and allows B to change the password by just entering new password then it is a potential problem.
Note that these are not "THE IDEAS" but few ideas that I came up with. You can try different scenarios and add your ideas to this list.
I have seen many people pressing “CTRL+ALT+DEL” button whenever they want to end any process or a program because of numerous reasons. A program might not be responding or a program might be hung. But most of the people don’t explore the features of Task Manager. They just use it because most of the people use it in ending the program. If you see clearly the Task Manager you might find different Tabs like “Applications”, “Processes”, “Performance”, “Networking”, “Users”. These all the tabs give a lot information for a tester to help him/her in a testing activity. To explore more about Task Manager you need to use it & I hope it doesn’t take you much time to just press “CTRL+ALT+DEL” in your system and explore the features of TASK MANAGER.
The different ways in which you can invoke task manager are,
1. You can click on “Start” -> “Run” -> Type “taskmgr” and hit enter or click on “OK” button.
2. Just press CTRL+ALT+DEL button simultaneously.
3. Right-click on the task bar and click on “Task Manager”
The advanced tool which has more features than Task Manager is Process Explorer. Just type “Download Process Explorer” in Google Search & the first search result is your way to go.
PERFORMANCE
You might have used various tools for testing Performance of your system. Have you tried a handy tool that is provided with your Windows Operating System? No right. Assuming that you haven’t tried it let me guide you to the built in tool. There is a tool in Windows Operating System that monitors the performance of your system. This tool is especially provided for the administrator. Only a user with administrative privileges on his/her system can use this tool. The tool name is “Performance”.
To invoke the program and start using it,
1. Click on “Start” -> “Run” -> Type “perfmon.msc”.
2. Go to “Control Panel” and click on “Administrative Tools” & then click on “perfmon.msc”.
You will be amazed to see this tool which will be of not great help but little help to you for a quick start. “Performance” tool will help you to understand the working of pages in Operating System. The more you study about the “Performance” tool, the more you understand about the working of your system.
Dr Watson
Dr Watson is another built in tool in Windows Operating System. It is a troubleshooting utility that helps a user in fixing the error or an issue with his/her system.
To open Dr. Watson, click Start, and then click Run. In the Open box, type drwtsn32.
Dr. Watson cannot prevent errors from occurring, but the information recorded in the log file can be used by technical support personnel to diagnose the problem.
The above Notes have been collected from Help & Support of Windows. Now you must be understood about Dr Watson. Use this & you will find how to handle the errors and how you can use the error logs to debug the problem or fix a problem in your system.
Reference: Help & Support of Windows Operating System.
Event Viewer
Event viewer is a program that comes with Windows Operating System which is used to maintain the log files, event data or your system data. You can gather the information about your hardware from the Event Viewer.
To know about it more click on “Start” -> “Run” -> Type “eventvwr.msc”.
Note that I’m just giving you the brief information and not the complete detailed information because I want you to explore more about the tool rather than just following my document and keeping yourself confined to these points.
Remote Desktop Connection
What if a tester, want to test an application on a different Operating System like Linux, Solaris, Macintosh etcetera. A tester might find it difficult because he/she might not have the resource currently. So this is where Remote Desktop Connection comes to help of a tester. You can just connect to a machine which might have different configuration and test it. There are many third party remote desktop connection with free license as well as commercial license out there in the market but why shouldn’t one use which is built-in program of Windows Operating System. To start using Remote Desktop Connection you just need to click on “Start” -> “Run” -> Type “mstsc”.
Similar Programs
LogMeIn
TeamViewer – Desktop Sharing Program.
ProCaster – This is the one which is developed by LiveStream which was formerly known as Mogulus. (This is similar to Webinar kind but still can be useful for a tester to demonstrate it to someone while he/she wants to reproduce the bug and show it to the developer from a remote location).
Thank you for reading this document. I request you also to produce documents which can help the community of Software Testing Professionals.
The first thing that comes to my mind when I talk about test cases is Excel Sheet where there are different columns and numerous rows. This document talks about why one should write and why one should not write the test cases. There are pros and cons of scripted testing and non-scripted testing. Note that this document doesn’t advocate on one approach be it scripted or non-scripted. Before I start my talk on the topic let me throw some light on brief introduction about test case.
Definition of a Test Case
Test Case is a set of given inputs to see whether the outcome is as expected or it’s different. To make it simple: a tester does some test and sees the result of output. Then he compares the actual result with the expected result to write Pass/Fail in the Result column.
Where to write test cases?
Different organizations follow different kind of editors to write test cases. But normally they use Microsoft Excel to write test cases.
Do I need to write test cases or not?
Let me consider myself as an example: I don’t want to write test cases in excel sheet or any text editor. But it doesn’t mean that I don’t know to write a test case. Nowadays, a tester needs to have skill of writing test cases & should be well versed with Microsoft Excel. I can write 1000000000000+ test cases for an application if an organization mandates me to write test cases. But I get bored doing this job. I can’t do this for longer time. Maybe this is why most of the people have a myth which is “Testing is not a challenging job”. I don’t like writing test case doesn’t mean others don’t want to write it. Different people have different perspective about test cases. What one company test case definition is might differ from the other company’s definition of a test case.
At the end of any discussion the question that stays in our mind is “Confusion that, Should I write test cases or follow some kind of approach”.
There is no standard definition for anything – Santhosh Tuppad.
I, Santhosh Shivanand Tuppad as an author of this document hold all copyrights. No individual is allowed to copy this and host it anywhere else on this earth. However, you can use it for your testing activity & re-distribute this by retaining the credits to the author.
Below are few test ideas that you can use in your testing activity with respect to database.
1. Check for the database type. Example: Flat file or MySQL/Oracle/DB2 et cetera.
2. Check the strength of credentials for phpMYadmin (Depends on the type of Control Panel you are using)
3. Check if any database details are not commented in the code.
4. Check for SQL injection vulnerability – If you are not so good with my SQL injection use tools like TestersDesk.com or try cheat sheet
5. Check if the database is of flat file type then how is it secured? – What are the consequences if it is not secured?
6. Check if forms validation is done on backend
7. Check if you can process your own query through forms (It can be MySQL or Oracle or any database query you would like)
8. Check if there is any data backup for specific intervals (This is important because your competitor might be looking at harming your business)
9. Check the compatibility of database backup with other control panels
10. Check how easily can one database type be converted to another database type? Example: mSQL to MySQL or vice-versa
Frequently Asked Questions
1. I am testing registration form with text fields and other input fields. How do I check if the validation of maximum size is also done server side?
I will explain this using a scenario so that it would give you more clarity about the solution.
Suppose the registration form says, “You can’t have 30 characters for your username” which means the maximum size is equal to 30 characters. But you can see if this validation is done on server side in the database also?
Now, you need to go to the “source code” and copy it in the notepad or any text editor & find for the maximum size = 30. Try changing it to 99 or any other value or remove that attribute. Then save the file on your machine. Now, open it in Internet Explorer or Mozilla Firefox and try entering more than 30 characters and submit the form.
Now you need to check whether did it process or give an error that only 30 characters can be entered. If it gives an error message then it means validation is done on backend also.
The above one is just an example but you can try many more strategies.
2. What is phpMYadmin?
In simple words, it is control panel for your database from where you can submit query, alter query and view the tables of your database. Google it – for more explanation
3. I want to contribute to this document. How do I?
Simple – write an e-mail to me at Santhosh.Tuppad@gmail.com
I assume that most of you might have worked with Properties of Mouse. One day, while I was sitting in my workplace I thought of changing the mouse pointer speed. I went to Settings & then clicked on Control Panel. I chose Mouse Properties. But later after setting the mouse pointer speed I thought of changing the properties of "Wheel" in mouse. The "Wheel" tab seems to have a potential problem. Let me show you how it fails.
Follow these steps to reproduce the problem which I got,
1. Click on "Start" -> "Run" -> Type "main.cpl" without quotes and click on "OK"
2. Click on the "Wheel Tab"
3. Now change the setting to anything you like and then click on "Apply" (Now the settings should be applied)
4. Now don't click on "OK" button but click on "X" (Close) or click on "Cancel" button
Now again go to Mouse Properties and click on "Wheel" tab. Awwww, what's this? The settings that you had changed has not been saved. The settings are reverted back to the old one's even after applying by clicking on "Apply".
Weird right? I don't know if this problem has been reported to Microsoft or not. However, this might be a major problem as it is one of the feature of "Control Panel".
Today, as it was weekend I thought of going somewhere out. I went to Landmark and was just buzzing around and I noticed a book about "Writing". Picked the book and started reading. The book explained about "Writers Block". When I started my blog I did not think if my writings will be thought as good or bad. I just started it, because I was writing the blog for myself. Most of the people when they are asked to start a blog they just tell, "I don't know where to start, I am thinking of a name of my blog". Well, I think they are blocking themselves by giving all these reasons. Even if most of the people start blogging they are not consistent. I do understand that it is difficult to be consistent in writing.
People that I know have given me some reasons as follows when I asked them start blogging,
1. Who will read my blog?
2. Everyone is doing that? Why should I?
3. What are the benefits of blogging?
4. If I write, at some point of time people will think that I am an imposter.
5. My writing skills are not good. May be I will think of it in future when I might have some good writing skill.
6. I don't have time for it, I am happy with the work I do in my organization.
7. The list goes on...
If you think that what others think, then you will be always blocked. So clear all the blocks and start writing. No matter how good or bad is your writing just start it. Because with practice you become a good writer. I agree that my writings are not that good till now. But I see that my writings are improving for myself.
I have seen many bloggers who are consistent. One of the example is "Parimala Shankariah" - She always blogs and I see a tremendous change in her writings nowadays. Before I used skip through the content of her post. But now I go through them fully because the content is so compelling. So she is a "Live Oracle" for people who have not started blogging for some reasons which are acting as a block for themselves. Friends, I think you should really start writing now. All the best.
If you have any questions then you can e-mail me at Santhosh [dot] Tuppad [at] gmail [dot] com.
All of a sudden your wall clock stopped working. Then what would you do? The first thing you would think is battery replacement (Is this not an idea? Yes it is). Ideas should be thought of by thinking. If you do not know to think then it is difficult to generate the ideas. You can cultivate this kind of skill by practicing. It doesn’t mean that you practice with the complex things but you can start of with a simple thing. A precise example would be – There was a robbery in your colony. So how would you generate different set of ideas to investigate? If there was no robbery also, model some story of your own and start trying out different set of ideas or possibilities.
Example: There was a robbery of few bi-cycles in your colony. There was compound and the gate was locked. Now generate different set of possibilities that how a robber(s) would have robbed the bi-cycles.
The above one was just an example. You can try out your own scenarios. You might also want to say, “I don’t know to create scenarios, How do I do that?” To help you start of consider a below scenario which I thought of while writing this post,
“I was eating breakfast in hotel; I went to washroom leaving my Wallet on the table. As soon as I came the wallet was missing (Now you can try this scenario and generate the ideas that you could use for your investigation purpose).”
If you want to know about more ideas which you could not think of then you can ask different set of people to get different set of ideas. This would be a great exercise as you might get to know how different people think. But it is not good that always you seek the help of others to generate ideas. Then what would be the purpose of you having BRAIN.
One of the exercise me, Pradeep Soundararajan & Manoj M V had done was, “There was a coconut lying on the ground”. And the exercise was about, “How did it land over here”. There begun our generation of ideas. To know more about this exercise run to Manoj M V’s Blog.
Thanks for your time & I hope after reading this you will pick up an exercise instantly and have your ideas on a piece of paper (You can have a particular start time and end time so that you can know how fast you are doing it).
In today's competitive world, everyone is serious about their career but still make mistakes in their career because they did not make a proper decision? They were misguided by someone "X"? Or may be there could be many reasons that could have led to the mistake in their career.
If you are a fresher, experienced, or anyone seeking guidance in your career from the experts then you should register at http://www.interviewsandjobs.com/ & you will get access to their discussion forum where there are job listings about Testing, Blog, Ask the Expert, Newsletter & much more. Registration doesn't take more than 30 seconds. So why simply mess with your career? Just log on to http://www.interviewsandjobs.com/ and let our experts assist you in your career.
Please refer your friends as they might be benefited by us. Thanks for your time.
Recently, I took an initiative to start a repository for bugs of all the products that testers test and log it into a bug tracker. My intention was to contribute to the community & also help the open source projects who don't have enough funding. You can visit it through http://www.bugrepository.com/ & register there as a reporter. Kindly go through the F.A.Q section which would help you to understand Bug Repository in much better way.
Frequently Asked Questions 1. Who can register at Bug Repository & what is the procedure? How much does it cost? There is no cost for registration nor anything for using Bug Repository. If you are a tester and want to test then you can register here. Even developers or product owners can register. The procedure is not too lengthy. You just need to provide your e-mail address & few steps in order to login successfully.
2. I want to get my product tested & I don't have enough funding. How can you help me? Have you heard of Weekend Testing? If no I would recommend you to visit http://www.weekendtesting.com/ so that you will know how can you get your product tested by testers.
3. I want to use your bug tracker for logging the bugs? I want to do project with help of your bug tracker. Surely, you can do that. You just need to send me an e-mail at Santhosh.Tuppad@gmail.com & I will add the project & assign your username to the particular project so that you can use our bug tracker at free of cost.
If you have more questions then please e-mail me. You can Skype me at santhosh.s.tuppad.
I, Santhosh Shivanand Tuppad is the author of Rookie Tester. Most of you must be knowing me through TestersBlog. I belong to context driven school. If you want to know more about me then contact me at Santhosh.Tuppad@gmail.com or Skype me - santhosh.s.tuppad. I welcome you to my blog. Thank you.
Posts
