
Testing Circus

Volume 2 - Issue 10 - October 2011


Fake Training programs...
Interview with Lanette Creamer
Promoting Software Testing in Your Organization
Book Worms Corner
Requirements are The Source of All Project Evil
The death of Quality
10 Free and Open Source Tools For Security Testing
SpiraTest - What Makes It Complete Test Management Solution?
6 Best Practices To Embrace Agile Testing
You Want It When? (Part 2)
Heroes of Testing Circus
Software Testing News

Your Monthly Magazine on Software Testing

www.TestingCircus.com

From the Keyboard of Editor-in-Chief


It is time I should thank a few guys at Testing Circus. They have been a great support to me in publishing Testing Circus regularly. Their small efforts have really made a big impact on this magazine.

A few months back when I wanted to have a few helping hands and asked people to join me as assistant editors, these seven guys extended their support.

Riyaj Shaikh, Selim Mia, Ashik Elahi, Gagan Talwar, Asif Iquebal Sarkar, Ajay Sharma and Brian Osman worked with me to make Testing Circus a world class monthly testing magazine.

After one year of our publication, five of our assistant editors have still agreed to put their effort into Testing Circus and they are committed to making this magazine a useful magazine for software testers.

Testing Circus is expanding and we will need more passionate testers to continue our bright journey in years to come. We will be joined by many bright minds but these are the guys whose help we would never forget. In this issue we have included their brief profiles as Heroes of Testing Circus. Heroes do exist and they are with us.

Apart from the assistant editors, we are surrounded by our core group members and other tech and publicity guys. We will also publish about them in the issues to come.

In other news, we have included a special section of articles on tools, utilities and views in collaboration with Tool Journal. The Tool Journal team has promised to provide quality and suitable content for us regularly, which I am sure would benefit our readers.

We have also started a new column, Book Worms Corner, from this month. Thanks to James Bach and Pradeep Soundararajan for recommending books to our tester readers.

Thanks to readers who sent birthday wishes to us after we published our September issue. We could not print all the messages but your wishes have delighted us. Thanks again.

- Ajoy Kumar Singha
Editor-in-Chief
http://twitter.com/ajoysingha
editor@testingcircus.com

Write to us at editor@testingcircus.com

Testing Circus
In this issue
Volume 2 - Issue 10 - October 2011
Editorial
Letter to the Editor
Fake Training programs...
Interview with Lanette Creamer
Promoting Software Testing in Your Organization
Book Worms Corner
Crack The Code!
Testers at Twitter
Requirements are The Source of All Project Evil
The death of Quality
Test Events for November
On a lighter note
You Want It When? (Part 2)
Heroes of Testing Circus
QTP Code Corner
Software Testing News
Testing Corner
Tools Journal

Jaijeet Pandey, Bernice Niel Ruhland, Jason Buksh, Trish Khoo, Rob van Steenbergen, WoBo, Blindu Eusebiu, Fake Software Tester, Ajoy Kumar Singha

Letters straight from the readers.

Letter to the Editor

Congratulations Testing Circus team for completing one year. You guys are really putting good effort to update how things are going around in the Testing World. I started reading Testing Circus magazine two months back when it was posted in our company intranet. I found the articles really useful and never missed any issues after that. This is really helpful for those people who are involved in testing as well as for the newcomers coming into the testing world. One thing I would like to suggest to you is, apart from the regular pages, could you include articles about mobile application testing and the tools used?
Regards,
Sijin Kumar S.

-----------------------------------------

My best wishes for your magazine to complete one successful year. This is the best magazine of the testing magazines I have seen. All new ideas, news section and sections giving us inspirations to learn more. Thanks for this. This magazine is important for both fresher and experienced testers.
Bhupal Bisht

-----------------------------------------

You people ROCK!! guys. All The Best and Happy Birthday.
Bharath S.


Fake Training programs...


Part 1

"Hello sweetheart. What did you eat today?" ... I could not believe what I was hearing. Was the number right? It was. Was the timing right? It was. I had dialed into a US conference call number and I heard some love talk. Apparently, someone from my office was using (more of mis-using) these official numbers provided for some personal stuff. Last time I checked, such examples could be found all over the place. The husband is placed in a project in the US and is provided with a number for his official conferences, and guess who he uses it to talk to. Does it happen in your company?

Anyway, this month, our training department sent us a circular. They were reaching out to us to understand what the various soft skills are that a tester would need, so that they can include them in their training program.

Here's my top 5

1) Un-learning
Ever wonder why most of us don't learn a lot? It's because we belong to the category of "Iknowitall" and refuse to learn. If only we had a training program to help us un-learn what we already know, would it not speed up our learning as well?

2) Curiosity
Can you teach anyone curiosity? For most of those, the concept of gravity was initiated by the thought of Curiosity in Sir Isaac Newton's mind. Would there not be better testers if we could teach them curiosity? Would it be possible to teach someone about "Curiosity as a soft skill" and how it can be implemented to do a deep dive into the product to flush out bugs? Can someone teach me to be more "inquisitive"?

3) Eye for Detail
Well, being a tester, one very good quality that we need to imbibe is to have an "eye for detail". For example, you would need to look at all parts of the screen to flush out that small bitmap image which does not fit into the screen; you might want to look closer for the JavaScript error messages that keep appearing out of nowhere; you would need to look more closely at audio-visual synchronization if you are involved in testing multimedia products. Would it be possible to have a training program that grades me on my current level of "eye for detail" and that helps me in improving it?

4) Identify mis-guides
Well, there are so many guides and mentors available in this world. But how will you know if you are being misguided? How will you identify if you are being mis-mentored? Can a training program be designed so that I can identify when I am being mis-guided and I can stop myself?

5) The importance of networking
Networking is very important. Why? Well, would that not be your network of people that you turn to when you hit a road-blocker? The person sitting right next to you in your cab may be a whiz kid in your area. The old man sitting next to you in the company bus might be a Senior VP, after all. The person that you have lunch with at the client location might be another project manager who might be thinking about whether they need to give you your next project or not. Can a training program be designed to improve your "networking" quotient? Can a training program be designed so that you get better networking skills and start networking more and more?

And you know what happened... none of them happened. My email remains in the archives of the training department. They are still having their soft-skills training focused on how to eat a pizza, theoretical skills of negotiation, etc. So sad! What do you think? Do you think these programs make any kind of sense?

A fake Tester's Diary was first published in the Testing Circus January issue. New readers are encouraged to read our old issues at www.testingcircus.com to understand the journey of a fake software tester.

Keep reading future issues of Testing Circus to know more!!! Do you have anything to say about fake testing practices? Write to us: faketester@testingcircus.com

By the way, have you seen the blog on fake software testing? Here it is: http://fakesoftwaretester.blogspot.com
- Editor

A platform for software testers to collaborate, test various kinds of software, foster hope, gain peer recognition, and be of value to the community.
http://weekendtesting.com

Interview with Testers

Lanette Creamer

Lanette Creamer likes testing software even more than Diet Coke and cats. After working for a decade at Adobe, including leading coordinated testing across products on the Creative Suites, Lanette jumped into consulting, working independently as Spark Quality LLC. Throughout her career, Lanette has evangelized advancement of real-time human thought above process solutions in software quality. Testing should be customized, using a context appropriate balance of automation, and tool assisted creative black box techniques to get effective coverage. Deeply passionate about collaboration, she believes it is a powerful solution when facing complex technical challenges. Lanette is an active participant in the testing community and a writer in her well known TestyRedhead blog, on Twitter, and occasionally in industry magazines and technical papers.

Testing Circus Regular

Feature

1. How long have you been associated with software testing?


I started testing in 1999 when I was hired as a temporary worker to test InDesign version 1.5. To qualify for the job, each person took a technical test. Each person who scored well on the test had a chance to interview for the contract job.

2. Tell us more about it.


When I was interviewed to work a testing contract for Adobe, I was unsure if I would enjoy testing. I've always been a people person and I thought that I would feel lonely. I had a job that was promised to last longer than 6 months doing technical support for Windows 2000, which was going to be released shortly, and was even in training to learn more about Windows at the time. I decided to take a risk, with the idea that if I hated software testing after six months, I would have finished my contract and could look for other work. The first week of software testing at Adobe was terrible. I worked through scripted test cases in a matrix until I was bored out of my mind. I was very close to wanting to quit before my career ever started. Then that very afternoon, when I had nothing left to lose but that temporary job, I deviated from the script. A few minutes later, I found my first bug. It was literally like a light switched on in my brain, and I've enjoyed testing and creatively running tests ever since. I still cover scripted test cases from time to time, but now I am sure to add as much variance as possible while still covering the core objective.

3. You started Spark Quality LLC. How different is it working in a company like Adobe and working independently in your own organization?

Owning a business is time consuming. As a software tester, we already wear many hats. We are sometimes the developer of automation, the ambassador between the user and the developer, and at times the quality police. I'm used to switching roles, but never before have I had to negotiate contracts, purchase insurance, be a full accountant, and even a collections agency and marketing firm. There is so much to do that it cuts into the time I have to test. Those who have never tried to be independent may not understand the costs involved. I am insured, licensed, and I have signed contracts. Still so much has to be negotiated outside of contracts. There is one single reason that I love working for Spark Quality LLC, and that is that my focus is on doing great testing, and I adore not writing SMART goals, or dealing with company initiatives that have little to do with creating great software for end users. As a company of one, I have a single goal. That is to deliver great work that makes my clients happy, and earn enough to stay in business so that I can continue to do so. I would love to one day provide a wonderful place for another tester to work. A place with a learning culture where testing is appreciated, and silly initiatives and painful review processes don't happen. Unfortunately, in the current economy, many larger companies have become less humane. I feel extremely blessed to be a small business working with other small businesses to exist outside of the Wall Street world of big finance, big secrets, shareholder meetings, and corporate boards to impress. It is wonderful for this small fish to swim in a small but clean pond. It may seem unimportant to those who are used to working with a brand name company. I want to do great testing work on software and see the results of my testing. I get to see the changes as they happen, and hear back from end users. That is the beauty of working for a small company. It is also the risk, because if I mess up, there is a CEO calling me, and there is no one to blame but me.

4. What is your suggestion to those who want to go independent like you did by forming their own company?

I would suggest that they learn some basics of business, such as contract negotiation, taxes, and make sure that they have enough capital so that they can survive. I'd also recommend not starting work for yourself unless/until you have a client to work for. I worked for a consulting company that I liked very much before I started my own company. I was very happy with Sogeti. The reason that I went independent was that I had an opportunity to work for a client, but only if I signed with them directly. That would have been the wrong thing to do when I was working for someone else, so I decided to become my own company.

5. Where do you see Software Testing in the next five years?

I see some exciting trends! First, there are a few companies that have clean coding practices, continuous integration, and are testing in production and in the cloud. Everyone else, and I mean the vast majority, still need help to get there! I see large companies feeling as if they've solved these problems, so they're done. Not so fast! We've got some seriously legacy shops who haven't upgraded in ages. In my dearest dreams we have no more large computer labs for testing. We have glorious perfect cloud labs that we all can access and I no longer have to manually click through ANY OS installs. For testing, I can get any operating system with my tools, all of the browsers, and I can start that up instantly. I don't mean the version of instant the cloud means where you take 10 minutes and connect through a remote server. I mean NOW, like 10 seconds or less later. That is the instant I want. Also testing is going to mean security and performance testing too. No more niche specialists who do just this. Tools that work for the majority of web solutions out there, and only the major platforms need specialists. Everyone else will have the platform baselines and validate that we aren't slowing anything down either over time, with load, or with errors. When the platforms we test on have known performance, what we are really testing for is our variation from it compared to the competition. By that I mean that some large companies have unfortunately gone in a direction that has demotivated and disenfranchised their employees. For many years, companies enjoyed employees who had near religious fervor and loyalty. Those companies who showed their long term employees that the loyalty was one sided have started quite a bidding war for talent. The companies who are going to invest in their employees long term and take care of them are going to be able to outperform those that behave dismissively. The difference between a high performing team and a more moderate team is how much the people LOVE the job. If they really love it, it shows. That love needs trust and loyalty. It is earned with years of good treatment. Bad management for just one year is enough to destroy it. It takes more years of progress to get back to neutral.

6. What qualities will you look for in a candidate when you want to recruit someone for a software testing job?

It's been a while since I've had the joy of recruiting someone to work with me. Instead, I'll tell you about the folks I've given referrals to for testing jobs this year. The number one thing these 6 people have in common despite their different backgrounds, races, genders, age, interests, and experience is that I trust them. If any one of these people were to tell you that they tested something, I'd bet my job that they did. They are serious and professional about testing. The second thing is that they are wonderful to work with. I know that they will be a great team member, and they are willing to do whatever it takes to get the job done. There are always some tasks that we may rather not do, but part of testing is powering through, asking for help, and finding a way to solve difficult technical issues. It takes someone who has the strength to keep trying when things are difficult because you are counting on them. The other quality they have in common is initiative. I won't recommend a tester who will sit around and await directions. I like to work with someone who will start testing if the documentation isn't ready. Ask questions. Make their own meetings. There are so few testers now compared to 5 years ago that no one has time to drag along dead weight. The testers who can make it long term have learned that it is their job to figure out how to test well.

7. Tell us about your association with the testing community.

I enjoy staying in touch with other testers. For a community that is so diverse, I always find myself surprised that we are facing many of the same issues. The way testers solve problems in one area can help me when applied to a totally different set of circumstances. I'm also enjoying learning new tools as they come out, and trying to see how I can get more testing done in the time I have.

8. What do you do when you are not working?


I am lucky to live near my Mom and sister, and we are a close family. I also enjoy cooking, reading fantasy books, playing chess and words with friends on my iPhone, blogging, tweeting, movies, karaoke, hanging out with Tizzy and Stardust the cats, and being outside in nature.

9. Complete this sentence: I use twitter because ...

I use twitter because it keeps me connected with what is going on with people I'd never otherwise have the time to communicate with on a regular basis.

10. Last question: Do you read Testing Circus? If yes, what is your opinion about this magazine?

I usually read Testing Circus the very first day it comes out. If I am not quick to make time that first day, I sometimes wait too long. I like the human touch that it has, and I believe it is more approachable than some other magazines. Because it is inclusive, sometimes the overall voice of the magazine is less polished than other magazines with a large budget and staff. I like hearing from the doers at the grass roots, which is why I have tried to provide feedback when I can. It has good potential, and thank you for putting effort into making a useful testing publication.

Email ID: lanette@sparkquality.com
Blog/Site: http://blog.testyredhead.com
Twitter Url: @lanettecream



How to promote Testing in Your Organization

Testing Circus Regular

Feature

- Rob van Steenbergen


How to promote Testing in Your Organization Do a Risk Analysis - Part 2


In the previous article I started telling about the necessity of doing a product risk analysis. It is a very good starting point to get ideas for your test strategy. And in the line of this promotion article series it is also a good way to promote testing and let people know what you are doing.

I ended part 1 of this article series in the last Testing Circus Magazine with an assignment to you to recognize the appropriate people that you should include in your product risk analysis. So if you've done this you would have a list of stakeholders having the roles (although it can depend on the situation): users, managers, investors, designers and architects, developers, testers, support engineers, system administrators, etc.

Doing a session or an interview

If you made your list, you should decide to do a more formal or informal session. Or even more sessions or a combination of a session and some interviews. If it is the first time in your organization that you are doing a product risk analysis session, then it is a good idea to think about some risks yourself in advance and put them on paper. These risks you can use as an example to start your session. During the discussion of the known risks you identified, ideas will come up for other associated risks.

I did something similar myself: After I sent the invitation for a session I got a mail with some thoughts on risk from a colleague of mine. They were not in the format I expected, but I rewrote the risks that he sent and used them as examples.

Format of risks

About the format: I would expect a risk to have a cause and something happening because of that. Examples:
- Because the user doesn't know how to select the right product, he will order something he doesn't want.
- If more than 1000 users try to order something, the website will be too slow to use.

The test promotion about this

For promoting testing, be professional and prepare the session with care:
- Create a presentation about the risk session and what you want with it.
- Send this presentation with the invitations to the stakeholders.
- Create a mind map of areas the project is focusing on.

The mind map could also be a list or Visio drawing or some other visual drawing.

This will be the scope you will discuss in your meeting or interviews.

During the session

During the session or interviews, keep a list of quality attributes on your desk and when the risks are mentioned, just check if all quality attributes have at least one risk mentioned. If, for example, the quality attribute usability has no risk mentioned, you should ask the group if usability is something where risk would occur. A good quality attribute list I've learned from the Rapid Software Testing course I went to is CRUSSPIC STMPL: Capability, Reliability, Usability, Security, Scalability, Performance, Installability, Compatibility, Supportability, Testability, Maintainability, Portability, and Localizability.

Rob van Steenbergen is an independent software test consultant from The Netherlands. In the last 5 years he has been involved in infrastructure projects and is now working at Leaseweb. He is working in agile projects, infrastructural and software products, coaching new testers and helping with setting up and improving the testprocesses for this company. For more information visit www.chickenwings.nl Rob can be reached at http://twitter.com/rvansteenbergen E-mail: rob@chickenwings.nl

Risks have a chance of failure and height of damage

At the highest level a risk has a chance of failure and a height of damage, as I explained in the previous part. The technical people (developers, designers, testers) often can estimate the chance of failure. The damage for the business is better estimated by the business people (sales, support, management, etc.).

Book Worms Corner


Hello Testers, I am WoBo, a travelling bookworm. Unlike other bookworms, I don't eat, but read books. I eat only the bad books. Anyhow, I thought about writing to the masters of software testing on their book recommendations, and here's what they had to say about these books. Many many thanks to James Bach and Pradeep Soundararajan for flagging off this feature.

James Bach blogs at http://www.satisfice.com/blog
Pradeep's writings are at http://testertested.blogspot.com

Love,
WoBo

Book Recommendations From The Masters & What They Have To Say About It

JAMES BACH

1) Introduction to General Systems Thinking, by Gerald M. Weinberg
This is a book about how not to be fooled by systems. It's a deep book. It's not easy to read. But if you study it, you will know what it means to think like a tester.

2) The Pig That Wants to Be Eaten: 100 Experiments for the Armchair Philosopher, Julian Baggini
This is a book about thinking deeply. But it's presented in a wonderful accessible way. Each chapter is just a few pages long, and presents an interesting puzzle.

PRADEEP SOUNDARARAJAN

1) Jonathan Livingston Seagull
I have started to use this book as my pre consulting must read to all clients.

2) Perfect Software & Other Illusions About Testing
This book has made me go through a see-saw ride of my understanding of testing and my respect for someone instantly raises when I hear that they have read this book.

Crack The Code!


- Blindu Eusebiu

What is the maximum number of balls of diameter 1 that can fill a cube of 10x10x10 in size?

Blindu Eusebiu has been a tester for more than 5 years. He is currently hosting European Weekend Testing. He considers himself a context-driven follower and he is a fan of exploratory testing. He tweets as @testalways. You can find more interactive testing puzzles on his website http://www.testalways.com

Send your answers to testalways@testingcircus.com

Testers to follow at Twitter


Mark Vasko
System/Software tester. Working to solve problems by changing ideas into the practical. Thoughts and tweets are mine, not representative of my company.
http://www.markvasko.com
185 Following, 361 Followers, 34 Listed
http://twitter.com/MarkVasko

Alex Kell
Quality Assurance Architect, gamer, father. XBL/PSN - Kellk
http://www.managetotest.com
555 Following, 576 Followers, 37 Listed
http://twitter.com/Wiggly

Christopher Chartier
Software tester/developer for many years. Now dedicated to software testing as a science and sometimes an art.
http://www.chrischartier.info
269 Following, 163 Followers, 8 Listed
http://twitter.com/ChartierMcpe

BugCam
The Easiest Way to Add Video to Your Bug Reports!
http://www.getbugcam.com
http://blog.getbugcam.com
1956 Following, 1296 Followers, 12 Listed
http://twitter.com/GetBugCam

Testing Circus
Testing Circus is a monthly magazine on software testing. The magazine publishes various subjects on software testing. Founded and edited by @ajoysingha.
http://TestingCircus.com
339 Following, 742 Followers, 46 Listed
http://twitter.com/TestingCircus

Follow us at Twitter: http://Twitter.com/TestingCircus

This one runs on FAT & saves you Money

This one runs on Money & Makes you FAT

Be healthy, wealthy and wise. Always! - Testing Circus Team



Requirements - The Source of All Project Evil


- Jason Buksh
2. On average each of these functional specs gives rise to 5 different Test cases. 3. This means 10*10*5 = Test Cases to write. = 500 Test Cases. 4. Each of these test cases takes .5 day to write = 250 man days 5. Each test case take .5 day to execute = 250 man days 6. Requirements change, its a fact so lets say that we have to revise 30% of these. Thats 150 test case revisions. We can see its all becoming unmanageable very quickly and in most projects Ive been in the test team tend to get overwhelmed very quickly when taking this approach. So even is a project has 100% coverage of the requirements it doesnt mean all outcomes have been tested. Requirements coverage is useless on its own what its gives is an indication of the testing effort invested and give a confidence level in the testing. It really isnt a strong quality indicator. Then I started thinking .. how can we actually test all outcomes? Why everything cannot be Tested and more

Well not all evils but most project evils. Today I wear my Technical Project Manager hat and Im going to propose the source of most IT project ills. This is particularly relevant for Greenfield IT projects. Im also going to touch on why it is impossible to test everything. Background I came across a question on a forum and someone had asked how many test cases were necessary. Someone responded saying aiming for 100% coverage of the requirements would be good. Now 100% coverage (to me) should mean that have exhausted every possible outcome a system can produce. Requirements coverage is very different and means something else entirely it also tends to lead to a false sense of security. There are coverage tools available (e.g. Requisite Pro)so you can link Test Cases to requirements. If you link all the Test Cases to the requirements then hey presto, you can report 100% coverage. It became quickly apparent to me that just because you had a test case for each requirement didnt mean you had 100% coverage. What it meant is that you had written a test case for that requirement but actually the coverage largely depends on the knowledge and skill of the person testing it. In reality you need several test cases to cover a single requirement and in reality no one has time to exhaustively write and test all the possible outcomes. Lets take a hypothetical situation:

Now lets take an abstract view on the problem. The reason it is impossible to test everything became apparent after I recalled a university lecture: I had opted for a mathematics module and was being subjected to a series of classes teaching Z notation. For those of you fortunate enough not to go through these lectures it was a way of defining and specifying requirements in a mathematical notation. The requirements specification ended up looking like hieroglyphics. I asked my Project X has 10 business requirements professor (Brian Burrows) why this horrible series of 1. Each of these business requirements can be lectures was happening. He said something that stuck with me If you cannot decompose and define a system decomposed into 10 functional specs mathematically you cant fully understand it and it is

www.TestingCircus.com

October 2011

- 19 -

impossible to prove. Wow, I understood. He was saying that unless we could define the requirements rigorously (and the only way to do this is through mathematics) then it was impossible to derive the exact behavior of the system and test all possible outcomes. This is why Z notation came about it was a mathematical way of defining the requirements of the system. So the takeaway here is If you cant define a requirement mathematically you dont fully understand it and you cant test it. (Theory over). Back in the real world, this never happens requirements are never specified using Z notation. Click here for an example of Z notation. Now I think in reality requirements are imprecise fundamentally because English is imprecise. What people mean and what people specify are two different things. It is practically impossible to define something perfectly in English even if you know what it is you are trying to define. Also in the real world the majority of people do not speak mathematics, they speak English. Herein the problem lies. Many IT stakeholders think they know what they want but actually have difficultly expressing and defining what they want. What they think and what they say can be two different things. IT systems that havent been built are an abstract concept to them, so this compounds the problem.

Let's take an example that everyone knows, let's say a motor car. Let's say you wanted a Ford Focus and you specified the requirement:

Requirement attempt | Results in
[1] Wheels and motorized | Lorry, Bus, JCB Digger, Couch, Steam roller
[2] 4 wheels, motorized and carries 4 people | Jeep, Electric Car, Bus, Mini Van
[3] 4 wheels, motorized, 4 people only, petrol | Car (of a 1940 variety)
[4] 4 wheels, motorized, 4 people only, petrol, boot, enclosed, capable of 60 mph | ..

Even with the last requirement there are still a multitude of machines and cars that will fit the bill. Now the above example may seem like an exaggeration but what it is attempting to illustrate is that even when stakeholders know what they want the requirements will be prone to different interpretations. When asking users to specify requirements they will make an imprecise description, something imprecise will be built and testing will be fundamentally based on this series of events. This can be exacerbated as there are many layers of interpretation between initial definition and coding.

So I arrive at the following conclusion: if it is impossible to state the system requirements precisely, how can we possibly test all of the possible outcomes? The answer is we can't.

The imprecise nature of requirements also could go some way to explaining the following:
1. Constantly modifying requirements
2. New requirements entering the system
3. Incorrect or badly built systems: the system doesn't do what we wanted it to
4. Badly delivered systems that do not meet the customer expectations but meet specifications
5. Failure of large IT projects
6. Defects when the system goes live
7. Failure of a large number of Waterfall development projects (months/years before delivery to end users)
8. .. the list goes on

I find that the majority of issues within projects can usually be traced back to the requirements. Hence the title "Requirements are the source of all project evil".

So what's the answer? We can't just throw away stakeholder requirements, but if we accept that requirements are likely to be stated imprecisely we can then gear the project methodology around this and enable better delivery.

This for me is where SCRUM is a step in the right direction. One of the major strengths of SCRUM is the way it fundamentally attempts to force regular deliveries. Stakeholders' cloudy requirements become less cloudy and more solid as they see the product being delivered. Validation knowledge is transferred between stakeholders and the delivery team by forcing regular education (and vice versa) between builds. Dumb prototyping of screens with stakeholders in the requirements stage is also another way to help firm up requirements, as are Requirement Reviews. I will talk about more ways to make a project successful in another article.

Imprecise requirements have an enormous impact on a project: man days and project durations are affected exponentially. The people it affects most are the people at the end of the IT project food chain: testers (testing timeframes squeezed) and users (attempting to make a system they don't like work). More time needs to be spent getting requirements correct and validating understanding.

Key takeaways:
1. The language in which initial requirements are specified is imprecise.
2. Regular engagement between end users and application delivery will result in fewer project evils.
3. If we accept requirements are defined imprecisely we can plan accordingly and deliver a better product.

I'm surprised at how many IT projects attempt to follow a process mindlessly without attempting to understand the thought principles behind them (such as Agile). This I attribute to unqualified and bad management (link to future article here).

So that's my proposition as to why it is impossible to test everything; it also outlines a fundamental root cause which gives rise to many issues within projects. I hope you have enjoyed.

Jason has had over 20 years' experience in the IT industry. His formative years were spent cutting his teeth on the Vic20, then 6502 on the BBC MicroComputer. It's fair to say he has always had a passion for technology. He has successfully conducted performance testing for a diverse client base ranging from CFD Trading, investment banking, online gambling companies and travel companies. What is striking is that each of his clients has different issues which can be solved by a core common approach. Jason aims to share his experiences, thoughts and approaches. His blog can be found on www.perftesting.co.uk


The death of Quality


- Trish Khoo
"Quality is dead," declared Goranka Bjedov. And I thought to myself, I knew it.

For some time now I've been concerned about this. I'd always seen specialized testing as a way to turn a mediocre-quality product into a high-quality product. But the evidence before my own eyes is that the market is full of buggy software. The worst part is, people accept buggy software as the norm and learn to live with it.

We say that nobody can ever be done testing, because there is always more than can be tested. There comes a point in any project where the cost of continuing to test outweighs the benefit in releasing earlier, but with unknown bugs.

"The truth is, bad software makes more money" - Goranka Bjedov, STANZ 2011.

I recently watched a project going through a fairly difficult stabilization phase. Too much change towards the end of the development cycle and not enough testing at the start meant that most of the bugs were being found at the end, so the team was looking at a few more weeks of catch up time to find and fix all of the bugs. But, for reasons that I still don't completely understand, all of the bugs were postponed and it was released anyway. The next two weeks were a mad scramble to fix production bugs, followed by several weeks of less frantic fixing. I was ready to label the project a colossal failure. But the product was actually very well-received by most customers. By the end of the first week, customers were singing praises for the new feature and the project was hailed as a success.

It left me wondering what the point was of having testers on that project at all. I was told that, without testers, it would have been a whole lot worse. Is that rewarding though? Working to make something not as bad as it could be?

After STANZ, I stayed with my friend Richard for a few days. Richard is a medical doctor, training in radiation oncology. I asked him if it was depressing being in a job treating cancer, which is a condition that's difficult to treat and not completely curable.

"Oh not at all," he said. "There are some practical things you can do, to improve quality of life."

"But," I pressed, "when people think cancer, they usually think that's it for them. It seems like you're just fighting an uphill battle."

"Everyone dies eventually, of something," he explained. "But I know that there are things I can do that means they're not going to die today. And the quality of life they have in the meantime can be made a lot better."

I nodded. "I guess that's true."

"Once you accept mortality, medicine's not that hard. It's actually quite rewarding."

Perhaps we need a mentality shift, and a different way of seeing our role. If we see ourselves as the cure for bad software, then we're going to be repeatedly disappointed. I emailed my friend James Martin for his perspective, and he offered this one:

"How about working to make something better? What if all any of us did, regardless of job title, was try as hard as we could to make the best stuff possible, accepting the fact that even the best of us has only a fragile grasp of what it takes to make something that another person will be delighted by.

Personally, it helps me to think that my whole job description is to make things better. That way I can solve problems using whatever tools feel right for the task at hand and I don't feel constrained by someone else's opinion of who I should be and what I should do.

As usual, the people setting the standards for our profession do so without knowing our context. But we can set our own standards for ourselves and play by our own rules. I like to think that you and I did that last year. I still think of what we did at Campaign Monitor as my best work."

If quality is dead, what are we doing here? If we are adding value, what is it and how do we measure it?

Trish Khoo manages the test team at Campaign Monitor (http://www.campaignmonitor.com/), a small company in Sydney with a strong global presence. Trish began her career as a commercial web applications developer in Brisbane and then moved to Sydney to become a .NET developer at Microsoft. After discovering an affinity for testing, Trish moved into a consultancy role as a tester for the Microsoft Solutions Development Centre, where she specialised in test automation solutions. After several very different test management roles, Trish eventually joined the crew at Campaign Monitor. She has been there for almost three years now. Trish regularly writes about software and testing on her blog (http://trishkhoo.com) and talks about testing on her podcast Testcast (http://testcast.net/), with co-host Bruce McLeod. She also writes articles for the online publications The Testing Planet (http://www.thetestingplanet.com/) and Testing Circus (http://testingcircus.com/). Recently, Trish spoke about test approaches at the STANZ conference in Melbourne. She encourages a more active testing community in Sydney by organising Sydney Tester Meetups (http://www.meetup.com/Sydney-Testers/).


We need people from all over the world. Become a Testing Circus Representative (TCR)

Visit our web site for more information. http://www.TestingCircus.com/tcr.aspx


Testing Circus is subscribed and read by software testers in 74 countries. We are growing every month.

Advertise with us.

***Advertisement rate starting $25/per month. Write to us at ads@testingcircus.com for a detailed media and advertisement kit.


You Want It When?


Part - 2
- Bernice Niel Ruhland
Part 1 discussed approaches to prepare for testing when timelines have been reduced, which may require the testing team to work extended hours. Part 2 discusses how to progress testing and take care of yourself while meeting an aggressive timeline.

Testing Has Begun!
Finally, the day arrives when testing can begin! It can be helpful to start with exploratory testing to identify critical bugs. This can include a walkthrough of functionality to ensure all features are included and basic functionality works. The goal is to address show-stopping bugs early to reduce down-time. Once the initial high-priority problems are resolved, any testing ideas, test cases, or other form of requirements testing can begin.

Planning Never Ends
At the beginning of testing it is helpful to have a weekly goal to provide a milestone to assess progress. As the deadline becomes closer, switch to having a daily goal. Of course, depending upon the timelines the team may need to start with a daily goal. Make sure everyone is aware of the goals, including the development team. An easy way to document them is on a white board where tasks can be added and crossed off when completed. Everyone needs to understand the progression, or at times the lack of progress, and what needs to be done to bridge the gaps. An assessment of progress with the development team can be beneficial to reduce miscommunication.

Throughout testing, new risks will be introduced; some testing will progress faster than other areas. Because planning is an ongoing process, it can be necessary to reprioritize and distribute testing assignments across testers differently.

Accelerating Problems
As bugs are encountered, they are typically assigned a priority level to determine the timing of fixing the problem. Critical bugs that stop testing need to be addressed immediately, so it is important to only accelerate high-priority bugs to the development team to ensure their time is properly used. Because the timelines are reduced, work with the employee who has authority to approve lower-level bugs to be fixed at a later date.

Periodic meetings with the development team can be helpful to ensure both teams are focusing on the correct priorities to keep the project moving forward. Work with the developers on ever-changing risks, especially with critical bugs, to determine additional testing. Throughout testing, continue to review risks and potential impact to adjust test strategy accordingly.

Late Nights
As a tester, working late is never popular, especially since in non-agile worlds our work is performed at the end and delays by other groups result in a reduction of time. Make sure there is careful consideration on when testing teams should work late to ensure the time is used wisely to move forward in meeting the deadline. If possible, schedule the extended hours at a point in the project where time is of the essence but before hitting a critical point where all nighters are required.

When testers need to work late, determine what support they may require from developers and other employees to ensure that problems are resolved to reduce downtime. Talk personally to employees who are on call to ensure they understand the importance of their role and their contribution to meeting the deadline. Nothing is more frustrating than working late without the proper support or the ability to see progress.

Consult your Human Resource representative or the employee who can authorize reimbursement for dinner expenses. It is important that testers are taken care of in terms of healthy dinners, beverages, and snacks.

Diminishing Returns
The long hours can take a toll on a testing team, including fatigue which can result in missing bugs and introducing errors in test setup and evaluation. Look for different ways to test, such as switching from executing test cases to spending time performing exploratory testing. Before escalating problems to the development team, have another tester check the results or at least review with the developer before submitting a written problem. These conversations can go a long way in fostering a healthy working relationship between testers and developers when timelines are short and the stress level tends to increase.

If possible, take a night off from working late, or at least do not stay as late, to give the team some down-time. A break from testing can result in a much fresher testing team and can improve morale!

Take Care of Yourself
Intense testing can cause a tester to spend hours in front of a computer without taking breaks, which can lead to burnout and computer injuries. It is important to take small breaks away from the computer. A short walk or stretching can get the blood flowing and loosen up tight muscles. Test teams are known to get through late nights with sugary pops, cookies, and candies. This is not a time to skip meals no matter how tight the timeline. Eat healthy meals and try to get your proper amount of sleep.

Aggressive timelines can increase stress levels and tension between team members. Taking care of yourself can help manage these emotions. When the stress level starts to rise, use whatever works to help you cope, such as a stress ball or a quick walk. If tension rises between team members, one method to reduce problems is to take a small break before continuing the conversation.

Proper posture is also important to reduce back and neck injuries. This is not a time to spend hours slumped over a computer. Make sure your work station is set up to reduce neck, shoulder, and hand injuries from repetitive movement. Periodically looking away from the computer screen and blinking can help reduce eye strain.

Celebrate Your Accomplishment!
Once the deadline has been met, reward yourself with a celebration! Whether you go to your favorite restaurant or buy yourself a gift, make sure you do something special.


Thank those who had a significant role in supporting the testing team, as everyone likes to have their contribution acknowledged, and be sure to communicate to their manager how they supported the deadline. This is good for morale and can help foster support for future projects.

The Test Manager and Test Lead should thank the testing team for their dedication to making the deadline. It is important to recognize their contribution, dedication, and hours worked. Do not take the testing team for granted or you will lose them!

Conclusion
Working extended hours is a part of a testing team's life; however, fluid planning and good communication between testers and developers can ensure the appropriate bugs are fixed so that testing continues. Understanding when to work late nights is important to balance both time constraints and ensuring progress is made. Addressing diminishing returns will help reduce false positive bug reports and missing real bugs. Testers need to take care of themselves, from nutrition, sleep and proper posture to computer set-up, to reduce burn-out and injuries. Once the deadline is met, celebrate with something special, and thank the testing team and the employees who supported them in meeting the deadline.

Bernice Niel Ruhland is a Software Testing Manager with more than 20 years' experience in testing strategies and execution, developing testing frameworks, performing data validation, and financial programming. She devotes many hours to reading testing approaches adopted by other testers to challenge her own testing skills and approaches. When not exploring the testing world, Bernice enjoys cooking and spending time with her husband living a health-conscious lifestyle. The opinions of this article are her own and not reflective of the company she is employed by. Bernice enjoys interacting with other testing professionals. Apart from other activities, Bernice regularly contributes to Testing Circus Magazine. Bernice can be reached at: http://www.linkedin.com/in/bernicenielruhland & http://twitter.com/bruhland2000.

Testing Circus wishes its Indian Readers a very happy and prosperous Diwali!!

Heroes of Testing Circus


Meet our Assistant Editors at Testing Circus.

Small efforts can create a big revolution. Testing Circus is a magazine of small efforts of passionate individuals. Here we introduce to you our Assistant Editors who help us bring out the magazine month after month with their small and passionate effort. We would like to thank these five passionate testers who have been helping us in our publication. We are proud they are with us as our Assistant Editors.
~Ajoy Kumar Singha, Founder and Editor-in-Chief

Becoming a software test engineer was never a part of his plan. It just happened and he is glad that it happened. Exploring new technologies, finding issues and finding security holes in software had always been his passion. And now he is getting paid to do that. Known as , he is very passionate about software testing and is a quick learner. Ashik never fails to ask both right and wrong questions. Ashik has tried his hand at testing many web applications, mobile applications and data warehouse projects within his short span of career. Ashik is now working at IMS as Test Engineer. He blogs at http://scornik.blogspot.com Ashik can be reached at ashik.elahi@testingcircus.com and http://twitter.com/ashik_elahi

Ajay Sharma is an MBA in Total Quality Management and is currently working with FirstRain Inc. as Sr. Software Engineer - QA. He is currently working on agile projects and specializes in web automation using Selenium. He regularly attends QA/IT related conferences and always tries to interact and share his knowledge with fellow testers. He is obsessed with working with mobile apps and loves to work with various mobile SDKs. When not exploring the testing world he loves doing photography. Ajay can be reached at asharma@testingcircus.com and http://twitter.com/ajay1811

Brian Osman is a tester and he is working to help grow the testing community in New Zealand. Early this year, he founded KWST with James Bach as facilitator. It was an awesome peer conference as it brought together 17 test leaders in New Zealand to discuss and debate and build a leadership community. He has been in testing about 13 years and has worked in a number of different environments. Currently he is a test manager on a project whereby they are using session based testing tracked on a 'kanban' wall. Brian often posts his thoughts in his blog http://bjosman.wordpress.com

Brian can be reached at brian.osman@testingcircus.com and http://twitter.com/bjosman

Gagan Talwar has been working at Mphasis, Mumbai for the last 3 years. He is passionate about testing and about helping the Testing Circus team as an Assistant Editor. He has also published courses in forums and has substantial experience in mobile testing on Android, Blackberry, Symbian and iOS platforms. Gagan is also a recipient of various awards at Mphasis. Gagan can be reached at gagan@testingcircus.com or you can follow him at http://twitter.com/gagantalwar

Asif Iquebal Sarkar is a tester by choice. He dislikes test cases and loves exploratory testing. Asif is currently working at CMC Limited, Bhubaneswar. He is sceptical when it comes to using tools. He personally likes WATIR and believes that the best tool is the human brain. Asif has been contributing to Testing Circus as Assistant Editor. Asif can be reached at asarkar@testingcircus.com or you can follow him at http://twitter.com/Asif_Iquebal


Testing Circus Regular Feature

Use of SetToProperty: At run time, properties of an object can be changed, so you can use a single object for various operations. For example: add "Web" to the QTP repository, change the innertext property at run time and click on different objects like "Images" and "News".

Steps:
Navigate to Google Home Page
Add object "Web" in repository
Type the below code in your QTP Action

Notice the line # 3,8,13 and 18. Have a look at more such code snippets in
http://jaijeetpandey.blogspot.com

Jaijeet Pandey has over five and a half years of experience in Application Development, Maintenance and Testing. For more than the last 4 years he has been involved in automation testing with QTP and Load Runner tools. He is associated with various testing initiatives in the NCR region of India. He teaches QTP on weekends. Jaijeet writes his blog at http://jaijeetpandey.blogspot.com He is currently employed with Birlasoft, Noida. He can be reached at http://twitter.com/jaijeetpandey


Software Testing News



Bug deBug Testing Conference Report, Madurai

Vanakam Madurai,

This report gives you a short summary of the Bug deBug Conference which happened in Madurai. Software Industries Development Association (SIDA, http://www.sidatn.org) is an initiative by the IT companies of south Tamilnadu which is working towards bringing in IT success stories from the southern districts. SIDA was very enthusiastic to bring together like-minded people from the testing community of Madurai and let the students know about the testing field. This made the core team of RIA-RUI Society (www.ria-rui.org) travel to Madurai and organize the Bug deBug conference there.

With the support of SIDA, Bug deBug happened in Madurai on September 17 2011 at MADITSSIA. The core team was there two days before the event, getting the logistics ready for the D-day. The event started with a huge turnout from the student community. There were around 400 participants who showed their interest in this conference.

The event started with a welcome note by Sathish from RIA-RUI Society, who welcomed all the participants, organizers, people representing MADITSSIA and SIDA and partners of Bug deBug Madurai. He also took this opportunity to let the people know how Bug deBug was born for the testing community. He briefed about the success of the Bug deBug Chennai edition. This was followed by a speech from the vice president of MADITSSIA, Mr. Sermapandiyan, who was overwhelmed by the number of students who showed their interest in attending this conference. He was welcomed by great applause when he started his speech in Tamil. Mr. Sermapandiyan thanked Yeshwanth and RIA-RUI Society for conducting such a conference in Madurai and helping the student community in their careers. Yeshwanth took over from the dais, introduced SIDA and thanked the Bug deBug team and participants for making this event a huge success.

The technical sessions had a great line up of speakers like Jayapradeep Jiothis, Suresh Srinivasan, Rajeev Anand, Pradeep Soundararajan, Ganapathi Manthiram and Dhanasekar, who presented on topics such as trends and opportunities in software testing, test coverage, automation benefits and its future, debunking some myths about software testing, achieving 5Es in mobile testing and a journey of a context driven tester.

Networking during the tea and lunch breaks was a different learning for Madurai participants. The event stressed the importance of meeting the right people, sharing thoughts and networking effectively. The most favorite session of all Bug deBug participants, the Q&A session with speakers, gave a chance to all participants to understand the industry and get their doubts clarified regarding recession and project outsourcing.

The event ended by thanking our speakers and partners of the event with a memento from RIA-RUI Society, and of course the participants, who went back looking forward to more such events happening in Madurai.

Some of the feedback from Bug deBug Madurai participants:
- Your sessions were simply superb. We gained a lot of informations and we enjoyed a lot. - M.R. Pandi Kumari
- Thanks for given such an opportunity to attend this conference. It was really knowledgeable. - T. Divya
- You did a good job. And we need more conference like this. Thank you for such - T. Karthika
- After a long time, I had a chance to attend a extraordinary conference, with a good hospitality and excellent speakers, I would expect a national conference from you the next - N.M. Janani
- Continue your journey and face new crowd and make them as innovative as possible - B. Jemail

More feedback about the event can be seen at www.bug-de-bug.com. Presentations from the Bug deBug Madurai edition can be viewed at http://www.bug-de-bug.com/archive/madurai-2011/ and information on our upcoming events can be seen at http://www.bug-de-bug.com/.


RIA-RUI Society would like to thank its partners for their support for Bug deBug Madurai.

Online Partners who helped us increase the reach of this event to every corner,

Ping us if you would like to partner with Bug deBug's upcoming events or if you would like to apply for RIA-RUI Membership. Catch us here: http://www.bug-de-bug.com/contact/ Like our Facebook page http://www.facebook.com/BugdeBug to get more information on what Bug deBug is up to.
(Reported by Bharath Raghavan, Chennai)

Testing Circus needs Fresh !deas.


Join us as assistant editors and support team members. Write to us with your ideas how you can help Testing Circus grow at editor@testingcircus.com

Show your love for Testing Circus. Send your testing team's or individual photo to us. We will publish the photos here.

Manpreet Kaur,
Worked as QA Analyst in Plavaga Software Solutions Pvt Ltd, Bangalore.

We Love Testing Circus. It Rocks!



Steve Jobs (1955 - 2011)

Your time is limited, so don't waste it living someone else's life. Don't be trapped by dogma - which is living with the results of other people's thinking. Don't let the noise of others' opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.


Tools Journal Testing Corner


Testing Circus & Tools Journal
Testing Circus in exclusive partnership with Tools Journal (http://toolsjournal.com) presents the Tools Journal Testing Corner.

What's Inside?
[Tool Watch]: 10 Free & Open Source Tools For Security Testing
[Tool Review]: SpiraTest Product Review
[Testing Views]: Agile Testing Challenges

About Us: A start-up journal and aspiring social community with an aim to gain and distribute knowledge on software tools and concepts in Testing, Agile, Cloud, Mobile and Enterprise Integration. http://www.toolsjournal.com With over 500 products listed with quality articles and product owner interviews, we are moving swiftly to launch product editorial/user reviews and a community module in the next 2 months.

Give Away
a. Register on our website www.toolsjournal.com
b. Leave a comment on here with your toolsjournal user id
TO WIN a SeaGate External HDD USB 2.0, 7200 rpm 8MB Cache worth $60 absolutely free
By 30th October, 2011
* A valid email id should be provided and voucher will be sent to the email id provided.

Connect With Us
@toolsjournal

www.toolsjournal.com www.facebook.com/toolsjournal


10 Free and Open Source Tools For Security Testing


On a day-to-day basis it is easy to find that your website is hit by numerous unwanted bots trying to sneak in or hack in, all the time, with malicious intent. As a website owner I get annoyed by such attempts, although I realize that every new line of code I add to the website has to be robust enough and has to be thoroughly tested for security to avoid any security vulnerabilities. Recently we started to search around for free and open source security testing tools available in the industry that the development/testing community can use to identify security loopholes. If you are having similar issues, here are a few of them you could use.

Watcher
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems; it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers with hot-spot detection for vulnerabilities, developers with quick sanity checks, and auditors with PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.
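To make "passive analysis" concrete, here is an added example (not Watcher's code and not part of the original article) that inspects one already-captured HTTP response for three of the issue classes listed above: cookies, HTTP headers and comments. The response text, the function names and the keyword list are all constructed for illustration; nothing is sent to any server.

```python
import re

# Constructed sample: one captured HTTP response, as a proxy would record it.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (CentOS)\r\n"
    "X-Powered-By: PHP/5.2.17\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; HttpOnly; Secure\r\n"
    "\r\n"
    "<html><!-- TODO: remove debug login page before go-live -->\n"
    "<body>Welcome</body></html>"
)

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")            # e.g. 2.2.3
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
KEYWORD_RE = re.compile(r"\b(password|passwd|todo|fixme|debug|admin|secret)\b", re.I)


def parse_response(raw):
    """Split a raw HTTP/1.x response into ([(name, value), ...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:               # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            # Keep a list, not a dict: Set-Cookie may legitimately repeat.
            headers.append((name.strip().lower(), value.strip()))
    return headers, body


def cookie_findings(headers, is_https):
    """Flag cookies set without HttpOnly, and without Secure on HTTPS pages."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append(("cookie-no-httponly", cookie_name))
        if is_https and "secure" not in attrs:
            findings.append(("cookie-no-secure", cookie_name))
    return findings


def header_findings(headers):
    """Flag headers that reveal a product version number."""
    return [("version-disclosure", f"{name}: {value}")
            for name, value in headers
            if name in DISCLOSING_HEADERS and VERSION_RE.search(value)]


def comment_findings(body):
    """Flag HTML comments containing words that hint at leftover internals."""
    findings = []
    for match in COMMENT_RE.finditer(body):
        text = " ".join(match.group(1).split())       # collapse whitespace
        if KEYWORD_RE.search(text):
            findings.append(("suspicious-comment", text))
    return findings


def analyze(raw, is_https=True):
    """Run every passive check over one captured response."""
    headers, body = parse_response(raw)
    return (cookie_findings(headers, is_https)
            + header_findings(headers)
            + comment_findings(body))


if __name__ == "__main__":
    for check, detail in analyze(SAMPLE_RESPONSE):
        print(f"{check:22} {detail}")
```

Because every check reads traffic that the browser or a proxy has already recorded, the approach adds no requests of its own, which is why passive tools are described as safe for production systems.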

Wapiti
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Wapiti supports detection of Database Injection, XSS Injection, LDAP Injection, Command Execution, CRLF Injection and many others.


WebSecurify
Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration testers and the feedback from an active open source community. WebSecurify supports SQL Injection, Local and Remote File Include, Cross Site Scripting/Request Forgery, Information Disclosure Problems, Session Security Problems to name a few among many others.

Nikto2
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Skipfish
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. SQL, PHP, Command and XML/XPath Injection, String/Integer vulnerabilities, Directory/File intrusions, Script/CSS vulnerabilities, Password/MIME type vulnerabilities, SSL/HTTP/HTML Forms related vulnerabilities and Failed Website Resource vulnerabilities are a few of the vulnerabilities that Skipfish can address, among a host of other features.

Ettercap
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. It supports Linux, Mac, Windows, Solaris platforms with easy installation.


Flawfinder
Flawfinder searches through C/C++ source code looking for potential security flaws. Flawfinder is designed in Python and produces a list of hits (potential security flaws), sorted by risk; the riskiest hits are shown first. The risk level is shown inside square brackets and varies from 0, very little risk, to 5, great risk. This risk level depends not only on the function, but on the values of the parameters of the function. For example, constant strings are often less risky than fully variable strings in many contexts, and in those contexts the hit will have a lower risk level.
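The parameter-dependent ranking described above can be shown with a small scanner. This is an added example, not Flawfinder's code: the risk numbers, the reduction to 1 for constant strings, the function names and the C sample are all assumptions made for the illustration.

```python
import re

# Assumed base risk per C function (0 = very little risk, 5 = great risk).
# Illustrative numbers only, not Flawfinder's actual ruleset.
BASE_RISK = {"gets": 5, "strcpy": 4, "strcat": 4, "sprintf": 4, "printf": 4, "system": 4}
# Position of the argument whose value decides how risky the call is.
KEY_ARG = {"strcpy": 1, "strcat": 1, "sprintf": 1, "printf": 0, "system": 0}
CALL_RE = re.compile(r"\b(" + "|".join(BASE_RISK) + r")\s*\(")
STRING_LITERAL = re.compile(r'^"(?:[^"\\]|\\.)*"$')


def split_args(code, pos):
    """Return the top-level arguments of a call; pos is just after its '('."""
    args, cur, depth, in_str = [], [], 1, False
    while pos < len(code) and depth:
        ch = code[pos]
        if in_str:
            cur.append(ch)
            if ch == "\\" and pos + 1 < len(code):  # keep escaped char, e.g. \"
                pos += 1
                cur.append(code[pos])
            elif ch == '"':
                in_str = False
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            in_str = ch == '"'
            depth += (ch == "(") - (ch == ")")
            if depth:
                cur.append(ch)
        pos += 1
    args.append("".join(cur).strip())
    return args


def scan(source):
    """Return hits as (risk, line number, function), riskiest first.
    Simplification: calls are matched per line and comments are not stripped."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name = m.group(1)
            args = split_args(line, m.end())
            risk = BASE_RISK[name]
            key = KEY_ARG.get(name)
            if key is not None and key < len(args) and STRING_LITERAL.match(args[key]):
                risk = 1  # assumed reduction: a constant string is not attacker-controlled
            hits.append((risk, lineno, name))
    return sorted(hits, key=lambda h: (-h[0], h[1]))


# Constructed C source used as sample input.
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
    char buf[16];
    strcpy(buf, "hello");
    strcpy(buf, argv[1]);
    printf("%s\n", buf);
    printf(argv[1]);
    gets(buf);
    return 0;
}'''

if __name__ == "__main__":
    for risk, lineno, name in scan(SAMPLE_C):
        print(f"[{risk}] line {lineno}: {name}")
```

The two `strcpy` calls and the two `printf` calls hit the same rule, yet the ones fed `argv[1]` rank near the top while the constant-string variants drop to the bottom of the list.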

Honeyd
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.

Wireshark
Wireshark, formerly known as Ethereal, is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Wireshark is multi-platform and runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.

BFBTester
BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for temp file creation activity to alert the user of any programs using unsafe temp file names.

- An article written by Tools Journal.

What Makes It Complete Test Management Solution?

SpiraTest is a one-pack solution for Test Management requirements founded by Inflectra, a privately held company. The product comes with a good combination of requirements and release management, and overall test case and test management including incident, bug tracking and change management. The product also supports risk and issue management, with a powerful dashboard as an information radiator that makes the software test lifecycle productive and efficient. What makes it different is the workflow support for all the test management entities, along with a very powerful test execution interface as the product core. The relationship between the various test management entities like requirements, releases, iterations, test cases, test sets, defects, incidents and risks is very intuitive. It may take some time to gain an initial understanding of the user experience; however, once you work through it, it is a sensibly designed product. SpiraTest is a very good tool for a small to medium project/programme landscape. Combined with other products in the suite like SpiraPlan and SpiraTeam, it could be a useful ALM solution.

Dashboards

My Page is a personalised dashboard for the person who is logged in. It contains all of the user's searches, assigned incidents, requirements etc. With a single click the user can easily navigate to or retrieve relevant information.

Project Dashboard gives all relevant information associated with a specific project. This one screen could be used in the status or progress meeting and keep meetings short.

Requirements and Release Management

Create releases and iterations with just a few clicks and associate the requirements that should go into the release. Relevant documents can be uploaded and associated to various artefacts such as requirements, test cases and others.

Ability to indent and outdent Requirements to form a parent child relationship or form a hierarchy. Useful features to perform Inline edit of requirements via a single click. Powerful filters to customize your views along with Colour coded classification of requirements based on criticality. Workflow for requirement to pass through various stages like Requested, Evaluated, Rejected, Accepted, In Progress, Completed and more.

Test Case Management

Create hierarchical Test Cases which can be associated with Project, Release, Requirement and/or Test Sets.


Build reusable Test Sets reducing effort in future. Each Test Case has a collection of Test Steps. During Test execution if any of the steps fail, an incident could be raised and linked to test step. Test cases can be grouped into a Test set e.g. Functional, Regression and others on the fly which can be assigned to Tester or Automation hosts. There is complete traceability between Requirement, Test Case and Incident. Test runs are archived, so any previously executed Test run could be viewed to check if recent changes have introduced any failures.

Incident Management

Incidents can be created, assigned, tracked and linked to a step in a test case. The workflow of incidents can be customized (e.g. New->Assigned->Developed->fixed) and updated from the Administration screen. Incident types (Bug, Change request, Enhancement etc.) can be created, and each incident type can have its own specific workflow. [Very useful feature] Each incident can be traced back to a requirement, giving a clear idea of the importance of the incident.


Reporting

A good library of pre-built reports exists.

Customized reports can be created.

Reports can be exported in various formats like PDF, Microsoft Word, Excel etc.

Administration

SpiraTest has rich administrative features, which include customizable fields, customizable workflows and others.

Administration screens for Project, users, Incidents, Notifications, Documents, General settings and Integrations.


Integrations

Apart from having its own suite of products, SpiraTest integrates with a variety of software for Test Automation, Requirements and Defect tracking systems. Following is a quick overview:

Observations
SpiraTest, based on the above analysis of features, is an end-to-end solution for Test Management. The UI looks like it has more features than needed. There is a bit of a learning curve to use all the features effectively. Once the user gets familiar with the features, SpiraTest can be easily and effectively used.

- An article written by Tools Journal.


6 Best Practices To Embrace Agile Testing


The traditional view of testing and the traditional role of the tester have changed immensely with the advent of recent trends in testing like Agile, Mobile, Cloud, Globalization and others. It's not alien if I say many teams are confused about what has changed and how to adapt to the new trends. With Agile being one of them, and Mobile and Cloud taking the other two spots, it's evident that the testing world is riding a perfect storm.

For a decade businesses have seen tremendous competition, and this competition is set to continue, if not with a bit more aggression. This has brought the much-needed change in project teams to become lean in all respects, with every effort linked to business value. While development teams continue to progress in such an environment with ease, the role of testers is still being experimented with and explored. This article talks about the challenges and best practices for such agile test teams.

Key Challenges In Agile Testing

- Very limited documentation on requirements and more reliance on collaborative meetings to brainstorm what we term "Stories"
- An accepted view that code delivery will be incomplete by the time testers start their testing
- Changes accepted right until the last minute, and at times even in the middle of development
- Much more responsibility in terms of being part of and driving stakeholders to define requirements, and driving teams to ensure testable code delivery
- Identifying the right balance of test procedures between manual, regression and automation testing

6 Best Practices To Embrace Agile Testing

Exploratory Testing

Traditional structured testing has always focused on writing test scripts, reviewing test scripts and executing scripts in sequence, and hence always ended in expected behaviors. However, the demands of agile-based delivery mean simultaneous learning, test design and test execution, which is termed "Exploratory Testing". With exploratory testing, testers always look for emergent behaviors that could not have been predicted otherwise. Exploratory Testing consists of the following:

- Learn, design and execute tests simultaneously
- Look for emergent behaviors that expose value to stakeholders
- Explore the system by running high-level tests, take the outputs from these tests and devise yet more powerful tests
- Test a part of the system; if not many bugs are found, either test another part of the system or change test techniques to test the same part
- Ask not "Does the application meet these requirements?"; instead ask "What happens if I do this?"

Embrace The 5 Values

Traditional development and testing always relied on robust documentation as proof, a project team divided into stakeholders, developers and testers, and a focus on just a specific area as per the person's role. The success of any agile implementation, or of the scrum framework itself, stands on five core values.

- Focus
- Openness
- Commitment
- Courage
- Respect

The teams are expected to be focused on their tasks and committed to their completion. They are quite open and honest in their thoughts and expressions, and have the courage to challenge themselves and others while having respect for one another at the same time. While these qualities are required not just of testers but of every member of the team, a test member definitely stands on the thin line of ensuring the quality of requirements, code and testing itself, often, or should I say always, with little time.

Stories Should Be Right "INVESTment"

Unlike before, test teams are expected to play their part right from the start of the project, driving the requirements process and helping and challenging development teams in terms of estimates and other areas. It is absolutely necessary that the team as a whole comes up with requirements or user stories that adhere to the following principles and are the right investment for the right value in return.

I - INVEST
N - NEGOTIABLE
V - VALUABLE
E - ESTIMATABLE
S - SMALL
T - TESTABLE

Demand Test Driven And Continuous Integration

The very important aspects of agile development or testing are "Test Driven Development" and "Continuous Integration".

Test-driven development (TDD) requires developers to create automated unit tests that define code requirements (immediately) before writing the code itself. The tests contain assertions that are either true or false. Passing the tests confirms correct behavior as developers evolve and re-factor the code.

Continuous Integration is small pieces of effort by the development team to integrate source code at very regular intervals within a day, with a view to avoiding the complexity of integration at the end, ensuring good quality of code and reducing the time taken to deliver it.

Testers have a great role to play in terms of demanding TDD/CI at every stage of development to ensure a quality deliverable comes out of development. The test team has to help generate an automation framework that can be integrated into the TDD and CI process to reduce the complexity of the development and testing process.

Regression Tests Are The KEY Test Artifacts

The ability to accept change at any given point within agile delivery mandates a finite set of tests that can, in principle, test the whole system at any given time. If you examine carefully, without proper requirements documentation and test plans, and with the nature of testing being exploratory, "Regression Tests" are the way to go to provide confidence to self, business and the team to say an area of the system being delivered is tested enough within the aggressive sprint schedule. Most agile teams have embraced regression as their chosen strategy for testing, and when executed on a continuous basis without failures it definitely provides product stability. Regression tests provide a basis to take decisions like those below, which would otherwise be hard to answer using manual testing in a two-week iteration and, as stated before, with an accepted view of incomplete code.

- Is the code ready to be merged?
- Is the product ready to be released?
- Has this change broken something previously working?

Automation, Automation and More Automation

It's an established fact that automation is the only way to generate the testing capacity to do a complete test of a release or shippable code on a regular basis across any standard iteration. With less available testing time, having to accept changes at any time, and needing to drive the team in terms of TDD, I guess the only way to fulfill such a responsibility is to generate time in the long run by automating tests as much as possible and as early as possible. Automation helps:

- Accelerate the velocity of agile teams (Agile demands speed)
- Consistency in testing (across environments and various stakeholders)
- Identify issues early on with less effort across any build

A sufficient amount of governance should definitely be in place for test automation and regression to ensure teams don't end up with complex and voluminous tests to be run every time in the long run.

Pradeep Soundararajan, Michael Talks, Nishant Verma, Varada Sharma, Rob van Steenbergen, Jaijeet Pandey ...
They have decided to write for us.

Watch out for Testing Circus November issue. Happy Learning!


Testing Circus Team


Founder & Editor-in-Chief
Ajoy Kumar Singha

Assistant Editors
Brian Osman (Wellington/New Zealand)
Ashik Elahi (Dhaka/Bangladesh)
Ajay Sharma (New Delhi/India)
Gagan Talwar (Mumbai/India)
Asif Iquebal Sarkar (Bhubaneswar/India)

Core Team
Jaijeet Pandey, Naresh Bisht, Kumar Gaurav, Sunil Godiyal

Publicity Team
Maheepati Tyagi, Amit Agnihotri, Anuj Batta

Online Collaboration & Advertisement
Bharati Singha

Technical Team
Debasish Nath, Nasim Ahmed, Rajat Verma

Volume 2 - Issue 10
October 2011

The contents published in this magazine are copyright material of respective authors. Testing Circus does not hold any right on the material. To republish any part of the magazine, permission needs to be obtained from the respective authors.

Testing Circus. Published from New Delhi/India. Copyright 2010-2011

