Quick test idea: try inverse feature


TL;DR

In this post I will explain one quick, but very important, test idea: the inverse feature.

In order to avoid a complex mathematical description and proof, let's use a simple, plain explanation. An inverse feature does exactly the opposite of the original feature, and it operates on the output data of the original feature. In the end, we should get the original data back.

Here are a few examples.

Every browser has a zoom feature. Zoom in on this blog post by 10%, then zoom out on the same blog post by 10%. You should see the blog post at its starting resolution.

Or you have a feature that exports a list of users. The best way to test this feature is to use the import-users feature. Export the users, delete them, do the import, and you should get the original list of users back.

The inverse feature is a very important quick test idea, because it lets you test the original feature very quickly. Also, users will be very satisfied with your product if its features come in pairs.

This quick test idea is fallible, because there are four possible combinations: both features work, both features fail, only the original feature fails, or only the inverse feature fails.

It is important to be aware that using only this quick test method is not enough.

Which method would you use to help you in case when both features fail?
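The export/import round trip from above, written as an added example (not code from the original post), with a second pair in which both features fail in matching ways so the round trip still passes. The user data and the format rule checked by `export_matches_spec` are constructed for the example.

```python
import csv
import io

# Constructed sample data (not from the original post).
USERS = [
    {"id": "1", "name": "Ana Horvat", "email": "ana@example.com"},
    {"id": "2", "name": "Ivo Kovac", "email": "ivo@example.com"},
]
FIELDS = ["id", "name", "email"]


def export_users(users):
    """Original feature: serialise the user list to CSV text."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(users)
    return buf.getvalue()


def import_users(text):
    """Inverse feature: parse CSV text back into a list of user dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def roundtrip_ok(users):
    """Inverse-feature check: export, then import, must give the original list."""
    return import_users(export_users(users)) == users


def export_users_buggy(users):
    """'Both features fail' case: ids are written with a stray '#' prefix ..."""
    return export_users([{**u, "id": "#" + u["id"]} for u in users])


def import_users_buggy(text):
    """... and the importer silently strips it, so the round trip still passes."""
    return [{**u, "id": u["id"].lstrip("#")} for u in import_users(text)]


def roundtrip_ok_buggy(users):
    """Passes even though both features are wrong: the inverse test alone is blind here."""
    return import_users_buggy(export_users_buggy(users)) == users


def export_matches_spec(text):
    """Independent oracle (assumed rule): every id in the export must be plain digits."""
    return all(row["id"].isdigit() for row in csv.DictReader(io.StringIO(text)))
```

Running the two checks side by side shows the point: the buggy pair passes the round trip but fails the independent format check.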


Testival 2016 press release


We are proud to announce Testival 2016!

Testival is, simply put, a software testers' event: a place for software testers to meet each other and talk about testing. It combines an unconference format, where participants select the topics of interest, with keynote speakers.

Testival 2015 was a great success! We had 40 testers and two speakers. Dario Hrupec gave the talk "How do natural scientists test their ideas" and Maaret Pyhäjärvi talked about "Collaborative exploratory and unit testing".

This year, Testival 2016 will be hosted by STEP RI Science and Technology Park of the University of Rijeka Ltd!

Bookmark your calendars with the Testival 2016 dates: September 23rd and 24th, 2016!

This year we also have two exciting speakers:

Mirjana Kolarov is Test Department Manager at Levi9 IT Services, and she will give the closing keynote: Reaching symbiosis of Exploratory and Automation Testing.

Ben Simo is an amphibious time-traveling context-driven cyborg software tester, and he will give the opening keynote: Putting Context First.

In between is your time, our dear testers. This will be the time for sessions on topics of your own selection, in open-session format.

With the help of our sponsors, admission is free, but registration through the Entrio system is mandatory.

Our sponsors are:

[sponsor logos: image not reproduced]


Feature analysis for my Internet banking application


TL;DR

This post is a feature analysis of my Internet banking application. As a user, I am not satisfied with how those features are implemented, because using them takes me much more time than expected.

As a user, I want to pay my bills reliably and as fast as possible. The feature that I use every month is ADD MY BILL TRANSACTION TO A BATCH OF TEN, after which I confirm the batch with ONE transaction token.

SELECT PAYMENT TEMPLATES is also a very important feature, because with templates I only have to change the one dynamic part of every bill: my PAYMENT ID, created by the owner of the bill.

Combining those two features, I spend less than 20 minutes paying all my monthly bills. That is acceptable for me.

The current system has been live since the beginning of this year, which means that I used the CREATE A PAYMENT TEMPLATE feature in the old system. All payment templates were successfully migrated to the new system.

This month I needed to update one of those templates, and all the frustration and fun began. There was no obvious information in the user interface on how to do that (obvious information in the user interface is my preferred form of application documentation). So I checked the official user documentation.

Search for predlozak, the Croatian word for template. The second match reveals Slika (picture) 10.17; observe its upper right corner. Yes, this is where you select to save a NEW TEMPLATE.

So there is no UPDATE TEMPLATE feature. You need to delete the current template and then create a new one.

And here comes the BIG BANG FEATURE! Picture 10.17 shows how to pay a transaction. Wait a minute, what does this have to do with creating a template? Well, they decided to merge two features: pay ONE transaction, and during that payment, mark that you also want to create a NEW TEMPLATE from it. Simple and logical, if you are a Vogon.

So, here was my workflow:

  1. Add the payment transaction to the transaction batch of ten.
  2. Remove it from the batch, because I wanted to update it.
  3. Delete the current template.
  4. Create a new payment, and mark that I also want a new template from it.
  5. Pay just that one transaction.
  6. Continue adding the other transactions, whose templates did not need updating, to the batch transaction.

There is also one feature that I call the ANNOYING FEATURE. Remember that in every PAYMENT I need to update the PAYMENT ID, hard coded by the owner of the bill. The Croatian Vogons created a set of rules for that PAYMENT ID (and increased Croatian employment by 5000 thousand).

And the bank developers decided to implement a MAGNIFICENT FEATURE: checking that business PAYMENT ID WHILE I am typing it in the input field. Yay for JavaScript! The problem is that they trigger the rule check BEFORE I have FINISHED typing!

How is your Internet banking application these days?



One character to rule them all


TL;DR

In this post I will provide an example of how just one character can make a significant difference to the security of a Django web application.

The issue is SQL injection. When I test for SQL injection and have access to the client's codebase (which can save the client a significant amount of money), I first search the code for uses of raw SQL. I use simple Unix utilities, less and grep:

grep -H -r 'what_you_search' * | less

In a Django codebase, you should search for the raw function, because it accepts raw SQL as input.

You should learn the proper way to send SQL parameters to that function. For Django's raw, this is the proper way:

>>> lname = 'Doe'
>>> Person.objects.raw('SELECT * FROM myapp_person WHERE last_name = %s', [lname])

I searched the codebase and found the following:

>>> lname = 'Doe'
>>> Person.objects.raw('SELECT * FROM myapp_person WHERE last_name = %s' % lname)

Have you noticed the difference? % instead of ,

Here is how you can easily construct strings in Python (Django is a Python framework):

"welcome sql injection %s" % hacker_string

This just substitutes hacker_string for %s, without escaping or quoting hacker_string against possible SQL injection. The raw function does protect against that, but only when the user input is sent as a raw function parameter, as explained in the documentation.

%, one character to rule them all!
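An added scanner, not tooling from the original post, that does with Python's ast module what the grep above does by eye: it finds every .raw(...) call whose SQL argument is assembled by string formatting (%, +, f-string or str.format) instead of being passed as a parameter. The sample Django-style source it runs over is constructed for the example.

```python
import ast

# Constructed sample of Django-style code (not from the original post);
# only the first raw() call passes the value as a parameter.
SAMPLE = '''
lname = "Doe"
safe = Person.objects.raw("SELECT * FROM myapp_person WHERE last_name = %s", [lname])
bad1 = Person.objects.raw("SELECT * FROM myapp_person WHERE last_name = %s" % lname)
bad2 = Person.objects.raw(f"SELECT * FROM myapp_person WHERE last_name = '{lname}'")
bad3 = Person.objects.raw("SELECT * FROM myapp_person WHERE id = " + str(pid))
bad4 = Person.objects.raw("SELECT * FROM myapp_person WHERE x = {}".format(lname))
'''


def _is_dynamic(node):
    """True if the SQL argument is assembled at runtime: '%' or '+' on a
    string, an f-string, or str.format(). A plain string literal is fine."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    if isinstance(node, ast.JoinedStr):  # f-string
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def find_unparameterised_raw(source):
    """Return the sorted line numbers of every .raw(...) call whose SQL
    argument is built by string formatting instead of passed with params.
    Limitation: a query assembled earlier and passed in as a variable is
    not seen; that case still needs a manual look at where it is built."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "raw" and node.args
                and _is_dynamic(node.args[0])):
            hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    for line in find_unparameterised_raw(SAMPLE):
        print(f"line {line}: raw() called with a formatted SQL string")
```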


As tester, be alert during the alternative flow


TL;DR

One of my previous heuristics was that people make more mistakes in alternative paths, which are usually more complicated than the basic flow. Here is one more example that supports that heuristic.

Today I was shopping in my neighborhood store, and an alternative business flow was triggered at the cash register. The chain that owns that store usually does not have enough coins for change at the cash register. So when I handed over my money, the cashier realised that I had the amount in coins that she desperately needed.

The amount was 113 kunas. I gave 100 and 10 in notes and 3 kunas in coins. At that moment she realised that I had 10 kunas in coins. She put aside the 100 and the 10, and counted out 10 in coins.

You can probably guess what happened. I had to ask her to give me back my 10-kuna note.

Conclusion.

People make mistakes, and that is OK; it is our nature. When you are testing, always be alert at alternative flows, because people make mistakes at alternative flows with higher probability.
