In March 2016 in London, at the SIGIST March 2016 Conference, I performed the closing keynote with a talk entitled "Push your technical testing further - into technology and security".
The slides have been released to slideshare:
The blurb read:
As testers we learn how to functionally test systems. We learn to analyse requirements and test ‘What’ a system should do. We can take our functional testing further. We can test ‘How’ the system does what it does, by understanding the technology used to build the system. We will find defects and issues that we would otherwise miss. Some of the defects would normally be associated with security testing, but we will find them without learning the techniques used for security testing. This approach to testing is applicable to any Software Development methodology and doable by any tester. Alan will explain the specific steps he used to learn to test web applications and push his functional testing further. He will provide examples of tools he uses, and why he uses those tools.
Alan also describes the thought process used to find the tools so that you can identify tools for your technology stack. After this talk you will know how to increase the potential that your testing can identify deep system issues, and steps you can immediately take which will push your functional testing further.
Three key points:
- Interact with the system at a deep technological level to find more bugs. Many classified as security bugs and missed by security testing approaches.
- Tools are necessary to observe and manipulate the system, learn about some important web testing tools and how to find new tools for your technology stack.
- These skills are open to anyone prepared to put in the work to learn. Specific steps and approaches are provided as examples for learning to test web systems.
During the talk the SIGIST kindly provided two copies of “Java For Testers” that we gave away as prizes, and I brought along a unique ‘proof’ copy of “Dear Evil Tester”, which I also gave away as a prize.
In the talk I was basically providing some case studies of using technical knowledge and skills to inform your testing, and I gave some examples of the overlap between this style and security testing.
I also mentioned the Usborne computer books from the 80s, many of which Usborne have released as free PDFs. There are a few on the website that I do not own, so I will read those later.
These books were a major influence on my career. I learned to write adventure games using “Write your own Adventure Programs”, a book that I previously mentioned over on Selenium Simplified, where I describe the relationship between Keyword Driven Test Frameworks and Text Adventure Verb Noun parsers.
I still use the lessons I learned in this book, to this day.
I later augmented this information with another ‘Dragon’ book:
Thank you Lisa.
'methodology' doesn't matter. Process/social context might matter. Any tester can use @eviltester's techniques, need tech skills/knowledge — lisacrispin (@lisacrispin) March 15, 2016