Companies focusing more on the skillset (and mindset) needed for Security Testing

I am just back home after completing a training program at Novell Bangalore for about 3 days, on a series of diversified topics under Security Testing.

As usual, it was a challenging situation to address the varied needs of individual groups of attendees who joined from several different projects, however, I liked and enjoyed the three days for two reasons - I had an opportunity to package most of my experience and research in the field of Security Testing, and the attendees were very smart. I have been covering only Web Application Security Testing so far and the program at Novell had more focus on security testing even on desktop products and clients (It is under Non-disclosure so I can publish the course agenda here).

Having done about 15 programs on Security Testing in the last few months, I am happy to say that there is now a clear focus in companies on the skillset (and mindset) needed for Security Testing.

Exploratory Testing can be justified when you explore what not to do by hand

I was reading this post titled "Convince my boss to let me do exploratory testing", while most of what is said in it makes direct sense, I want to add a small point through this post.

Let us say, a tester has to test a text field with the below cases:

1. It has to be tested with multiple languages like English, Hebrew, Arabic, Kannada and Devanagiri.

2. It has an upper limit for its length, say 40 characters, and the tester wants to prepare strings with 40 characters and 41 characters (and also need to know, if a string gets truncated, where it got truncated).

Naturally the tester may ask for a lot of time to prepare the inputs that drive these tests.

It could be a tester who does everything manually, or a tech-savvy tester who want to develop scripts to accomplish the same, it takes time; and I consider that as "non testing time".

So, there is a desperate need for a tool that can aid the tester to do that.

Today, http://www.testersdesk.com/ has a toolkit named "Common Test Data Generators" which help them on that aspect. It is free for the entire testing community.

As you can see, we named it as "common" test data generators instead of hyping the simple things it does.

No, this post is not about TestersDesk.com, because it does a lot more than what is written here.

Exploratory Testing can be justified when you explore what not to do; i.e., the right ways of saving (or escaping from) some time needed in scripted testing.

And of course, the mixing proportions of testing time have to rightly balance scripted and exploratory testing, and there is no "this" or "that" type of testing, by itself, that can reveal all the defects.

Enjoying and respecting the fact that we are human beings,
Ashwin.

My interactions with Pradeep Soundararajan and Shrini Kulkarni at Test2008

Having had met Pradeep and Shrini at Test2008 conference, I wanted to externalize a small extract from our conversations.

Firstly, I would say the readers of their blogs are lucky for getting the insights and influential thoughts so really needed to ensure value to the customers.

I had a quick overview from Shrini on the schools of thought in testing. I never knew the concept of Schools of thought in Testing, but having looked at the principles stated in http://www.context-driven-testing.com/, it made a lot of sense as to what I have been thinking/living all the time, and for a good thinker the word 'context' itself explains all about it.

I liked the way how Pradeep has explained the term "bug free software" -> software delivered with free bugs:-) I think there is a post on this topic in his blog too that I visited yesterday.

Overall, It brings me in to a deep introspection, as well as do some serious planning around how we can perform value-assurance (a synonym I use for the word 'testing') to testers through TestersDesk.com. Obviously, a testing product itself cannot have bugs and needs to serve as an example for having reasonable quality and deliver the value to testers. We exist to exploit technology in whatever ways possible, basically offloading the mundane tasks of a typical test engineer, and have now got more careful at what we build.

I am posting this to highlight the fact that it was an intellectually stimulating hour talking to Pradeep and Shrini, and I thank Pradeep for nominating TestersDesk.com for the Thought Leadership Award at Test2008.

Ten Current Note-worthy Trends in the Application of Technology in Software Test Engineering

On September 27th 2008, at Microsoft (Gachibowli-Hyderabad-India), HYSEA Products' forum has conducted an excellent event on Software Product Testing. HYSEA is a great blessing to Hyderabad IT industry and beyond.

I have given a seminar on "Ten Current Note-worthy Trends in the Application of Technology in Software Test Engineering".

Some 400 attendees made their presence and I was deeply excited about having such a very focused event on Software Testing (first such thing in Hyderabad I guess, other than the seminars I have given in other events that were not necessarily only for testing).

Ramesh Loganathan (MD, Progress Software India) has invested interest and energy to make the event happen. Speakers from different Hyderabad based companies gave nice presentations on various topics.

I spoke for an hour (please see the below presentation) sharing my opinions on how currently technology is being used in test engineering. I ended my talk contemplating why we cannot have an aviation-style black-box as a part of software black-box testing so that the problem of irreproducible bugs is more seriously addressed at the source. There is a note from Microsoft sharing the very same viewpoint, published on September 29th 2008. VMWare has a feature of this sort in its world, and it is a good news that the Windows OS itself will have it soon through Visual Studio, making it more real.

The presentation

As good as it gets!