How to Improve Your Technical Test Ability - AADays 2015 Keynote

Alan Richardson

How to Improve your Technical Test Ability

EvilTester.com, SeleniumSimplified.com, JavaForTesters.com

@EvilTester

What is Testability?

Expanding the requisite variety of the system to support testing beyond that required by the user

https://www.jasondavies.com/wordcloud/#

Requisite Variety

Stafford Beer on Variety: "the total number of possible states of a system, or of an element of a system"

Ross Ashby: Only variety can destroy variety

Stafford Beer: Only variety can absorb variety

https://www.youtube.com/watch?v=bDRudRhNgy4

Test Ability

What is Technical Testing?

A reminder to go deeper

Am I testing at the deep structures of the system?

Do I use technical risk to inform my testing?

Limiting Beliefs

If you choose not to do the work...

You will be limited in what you can test

You will rely on technical people on your team

Our Technical World Changes All The Time

tagcrowd.com

Being Technical requires constant learning of new stuff

It's hard work

So take it in small chunks

What technology do you work with?

What tools do you use?

What programming languages?

What limits your testing?

Why do the work?

Why do the work?

No, really. Why?

To test the system more deeply

Introduce more variety into your testing

Find errors that have escaped notice

Improve your technical skills and knowledge

Work more closely with developers

Find security issues early

Improve your testing

At long last, the Secrets of Technical Testing are Finally Revealed

Modelling

"We are powerfully imprisoned in these Dark Ages simply by the terms in which we have been conditioned to think." Buckminster Fuller, Cosmography

http://buckyworld.me/best-bucky-books/

Modelling

Collate your current terms and maps

Model what you know

Informal models: lists of stuff, mind map brain dumps

Research and experiment to expand the models

An early model

Server

EvilTester.com

Expand the Browser Model

Server

JavaScript, CSS, DOM, Browser Plugins, Dev Tools, HTML, HTML5, Images, Dynamic HTML, Async JavaScript, Local Storage, Cookies, Cache, ...

Pick a Few to Start Working With and Investigate

Expand the Message Model

Server

HTTP, Headers, Authentication, TCP/IP, Proxies, Encoding, HTTP Verbs, Responses, Response Codes

Pick a Few to Start Working With and Investigate

Modelling

"...the prescription for action is not difficult to understand. First of all, we need better models of the components..." Stafford Beer, Designing Freedom

http://www.scio.org.uk/node/12

Explore the Models

How can I Observe that?
What JavaScript files are used?

How can I Interrogate that?
What CSS is applied there?

How can I Manipulate that?
How can I change the HTTP message sent?
How can I change the HTTP status code received?

These questions help you identify tools to use

We could use tool capabilities to expand our models

Browser Developer Tools: Chrome, Firefox, IE, Safari

HTTP Debug Proxies: Fiddler, Charles, OWASP ZAP, BurpSuite

Plugins: FoxyProxy

Network Sniffers: WireShark

Observation in Browser

DOM Rendering using a browser

different browsers

Change size of window to check CSS resizing

Mobile Device Simulation

Observation in Browser

Can we observe the HTML?

Observation in Browser

How else can we observe the HTML?

Manipulation in Browser

Can I change the HTML?

Observation in Browser

What else can I observe? Traffic?

Interrogation in Browser

Can I see that request in detail?

Observation in Browser

What else can I see?

I can set breakpoints too

I can see the running code and variables

Observation in Browser

JavaScript level performance and profiling

Mobile Testing Hints

Why Observe?

Stare in amazement as you see things you've never seen before

Use your Google-Fu to investigate this set of unknown data with online searches

The more you understand, the richer your model becomes, and the more you will spot

Why Manipulate?

Change the DOM to explore boundaries the GUI doesn't normally let you

Enter values to explore the backend validation rules

Get rid of form elements to explore error conditions
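
Added example, not from the original slides: the three manipulations above, seen from the server's side. The form, its field names and its limits are hypothetical; the point is that every limit the HTML expresses (maxlength, option values, min/max, the presence of a field) has to be re-checked by the backend, and these constructed submissions are the test cases that prove it.

```javascript
// Hypothetical form rules, mirroring what the HTML attributes say
// (maxlength, <option> values, min/max). The server enforces them itself.
const RULES = {
  username: { type: "string", maxLength: 20, pattern: /^[A-Za-z0-9_]+$/ },
  plan:     { type: "string", oneOf: ["free", "pro"] },
  seats:    { type: "integer", min: 1, max: 10 },
};

// Returns a list of error strings; an empty list means the body is accepted.
function validateSignup(body) {
  const errors = [];
  for (const [field, rule] of Object.entries(RULES)) {
    const raw = body[field];
    // Covers an input deleted from the DOM and a non-string value.
    if (typeof raw !== "string" || raw === "") {
      errors.push(`${field}: missing`);
      continue;
    }
    if (rule.type === "integer") {
      if (!/^-?\d+$/.test(raw)) { errors.push(`${field}: not an integer`); continue; }
      const n = Number(raw);
      if (n < rule.min || n > rule.max) errors.push(`${field}: out of range`);
      continue;
    }
    if (rule.maxLength && raw.length > rule.maxLength) errors.push(`${field}: too long`);
    if (rule.pattern && !rule.pattern.test(raw)) errors.push(`${field}: bad characters`);
    if (rule.oneOf && !rule.oneOf.includes(raw)) errors.push(`${field}: not an allowed value`);
  }
  return errors;
}

// Constructed submissions: the first is what the GUI permits, the rest are
// what the server receives once the form has been edited in dev tools.
const CASES = {
  "as the GUI allows":    { username: "alan", plan: "pro", seats: "3" },
  "maxlength removed":    { username: "a".repeat(21), plan: "pro", seats: "3" },
  "option value edited":  { username: "alan", plan: "enterprise", seats: "3" },
  "max attribute edited": { username: "alan", plan: "pro", seats: "11" },
  "input deleted":        { username: "alan", seats: "3" },
};

// Runs every case through the validator and returns name -> errors.
function runCases() {
  return Object.fromEntries(
    Object.entries(CASES).map(([name, body]) => [name, validateSignup(body)]));
}

console.log(runCases());
```

Any case other than the first that comes back with an empty error list is a rule the backend is trusting the browser to enforce.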

Fill in gaps in my model

Server

All of the previous stuff lives here

How can I do that here?

Observation of HTTP Traffic

Dear Google,
How can I observe HTTP traffic?
Yours, Alan

Hi Alan,
Check this lot out.
Love, Google

Proxies

Server

Fiddler, Charles, BurpSuite, OWASP ZAP

Proxy

FoxyProxy Browser Plugin

Proxies

Server

Proxy

Repeat Requests (Amended)

Create New Requests

Automatically Amend Requests

Fuzz Requests

Breakpoint and Amend Requests

Observe Traffic

Export for later analysis

Passively Scan for Security Issues

Amend Responses

Simulate Server Errors

Simulate Slow Networks

Supply Different Responses e.g. CSS, JS

Chaining Proxies

Fiddler, BurpSuite

Server

Site Map

Fuzzers

Advanced Breakpoints

Easy Config

In situ Scripting

Simple Breakpoints

Auto-responders

More Mobile Testing Hints

Mobile Device

Hardware WiFi HotSpot

ZAP Proxy Running on Mac

Mobile Configured to use ZAP Proxy

Makes it easier for WireShark on Mac to sniff mobile traffic

View Mobile Traffic on Laptop

Share VPN for Geo

Reflection

Own your models, e.g. build your own explanations of Page Objects

Your own models of your system

Identify gaps in your knowledge

Identify Tools that help you

Expand your Requisite Variety

Some Recent Tools I Used

APIs: PostMan, PAW

Plugins: EditThisCookie, FoxyProxy

Proxies: Fiddler, Charles, ZAP, BurpSuite

Dev Tools: Browser Dev tools, ADB (Android)

SDK: e.g. JDK, MySQL Workbench

Static Analysis Tools: Google PageSpeed Tools, FindBugs, PMD, CSS Lint, Myth (CSS)

But It's Not About The Tools

The Following Book Covers Were Digitally Butchered during the Making of this presentation

1961

1957

1987

1936

Because this is a self-help talk

The 5 Secret Keys Which Unlock Your Technical Test Ability

Modelling
Observation
Reflection
Interrogation
Manipulation

Alan Richardson

@EvilTester

http://EvilTester.com
http://SeleniumSimplified.com
http://JavaForTesters.com