black ops testing workshop from agile testing days 2014

Black Ops Testing Workshop

Agile Testing Days

Tony BruceSteve Green

Alan Richardson

January 2015 Workshop, London

www.BlackOpsTesting.com

Introduction● 3 * 5 minute lightning talks● We expect you to test stuff● We will coach & ask questions as you test● We may periodically debrief

What you are about to test● Redmine

○ www.redmine.org● Project Planning App

○ GUI, Rest API, Feeds, DB, Web Server

Alan’s Bit at the start● Model, Observe, Interrogate, Reflect,

Manipulate● Tools help me observe and manipulate● Note Taking

A model of how Alan tests● Model

○ What I think I understand. Different viewpoints.● Observe

○ at different points to corroborate/invalidate model● Reflect

○ find gaps, lack of depth, derive intent● Interrogate

○ Focussed, deep dive observation with intent● Manipulate

○ Hypothesis exploration and “how we do stuff”

Tools help me...… Observe and Manipulate

Browser

Risks

Tools

...extend the model

Note Taking● Why:

○ Questions, Ideas, Risks, etc.● What:

○ ToDos, Issues, Observations, Notes, etc.

● When:○ Timestamps, sequential order

● Where:○ urls, environment, users, etc.

● How:○ commands, methods,

tools used, etc.

Evidence: ● logs, screenshots, output, files,

etc.

Tony’s bit● Test ideas● Tools● Information & Intelligence

Explore for test ideasPrep- Notes- Summary- Important bits

- Ideas- Comments- Questions- Thoughts- Six Honest Men

"I Keep Six Honest Serving Men ..."I KEEP six honest serving-men(They taught me all I knew);Their names are What and Why and When And How and Where and Who.…….. Rudyard Kipling

ToolsBrowser- Add-ons- Extensions - Developer tools -

Others- Accessibility- Security - Debugging -

Leadership Under Pressure: Tactics from the Front Line Bob Stewart

Information

Steve’s bitWhat are we going to test?● What’s new?● What’s changed?● What’s important?● What are known buggy areas?● What has not been tested previously?

What are we going to test?

What might be difficult?

What might be difficult?● How can we create enough data?● How can we test time-related features?● How do we know if the right thing

happened?

Lightning Talk DebriefExtras?Questions? Comments?

Collaboration Rules● Don’t load test the app, we are all using it

○ If you accidentally bring it down through a clever test then that’s fine,

● Don’t change data you didn’t create

Where is the app?● You can install it locally if you want

○ http://redmine.org● You can get an install or VM from bitnami

○ https://bitnami.com/stack/redmine● You can use the redmine demo

○ http://demo.redmine.org/● You can use our server

○ ….

Where is the app?

● Links removed as only valid at the time we conducted the workshop

Testing Phase 1● Consider what we said● Test the app in new ways, take notes, try

new tools● Black Ops Team will mingle - do ask for help● We will debrief prior to the break

“...no plan of operations extends with any certainty beyond the first contact with the main hostile force.”

Field Marshall Helmuth Carl Bernard Graf von Moltke, 1871

Test the **** out of Redmine

Hints...Are you monitoring the HTTP traffic?Have you changed the DOM?Cookies?Internationalisation?Logged issues?...

DebriefObservationsQuestions

Break (30 mins)Feel free to carry on testing if you want

Testing Phase 2● You tell us

Interrupt 1Structure your data to make testing easier.● Unique values (where possible)● Sequenced

Interrupt 2Testing maxlength and truncation.

Interrupt 2Testing maxlength and truncation.0005x0010x0015x0020x0025x0030x0035x0040x0045x0050x0055x0060x0065x0070x0075x0080x0085x0090x0095x0100x0105x0110x0115x0120x0125x0130x0135x0140x0145x0150x0155x0160x0165x0170x0175x0180x0185x0190x0195x0200x0205x0210x0215x0220x0225x023

Interrupt 2Testing maxlength and truncation.http://bit.ly/1B7gQlx

Interrupt 2a● We have a broken app - can you get in?● Links removed as only valid at the time of

the workshop

Interrupt 3Recording data flow.

Interrupt 4Can we break the CSV, Atom or PDF exports?What might do that?

Debrief Phase

Bugs we found 1● The PDF does not contain the Start Date,

Estimated Time, % Done or File Description for the attachments that are included in the New Issue form.

● The PDF does not contain the Target Version and Spent Time values that are included in the View Issue form.

Bugs we found 2The Atom feed from the View Issue page has no content when it is viewed immediately after creating an issue. It did have content after adding a quote to the issue.

Bugs we found 2

Bugs we found 3The File Description for an image is not saved if too many characters are entered in the New Issue form. We did not investigate where the boundary is.

Bugs we found 4The PDF that is generated from the Gantt page always shows the default zoom level regardless of the zoom level that has been selected.The URL of the PDF link contains a ‘zoom’ parameter (which does nothing). Changing the ‘months’ parameter has the desired effect.

Bugs we found 5Some non-Roman characters are displayed correctly on all HTML pages but they are not displayed in PDFs.

Bugs we found 6Some non-Roman characters are not displayed correctly in CSVs.

Bugs we found 7You’re able to delete all user accounts, including admin.

There is only 1 admin (as far as I could see)

Tell us how….

Bugs we found 7 cont.Record browser traffic while deleting a account.Find the delete POST

Bugs we found 8"Your account has been activated. You can now log in. "System says I am already "logged in as eris" and I am on my account page

Minor issue about wording

Bugs we found 9Error message about emails already in use when registering - privacy concern“Email has already been taken”

Bugs we found 10Maximum length of email is 60 chars but needs to accept 254

Bugs we found 11Can use an invalid language when registering a user.

Bugs we found 12Truncation on project identifier with no error or warning messagei.e. create project with 255 char identifier - truncated to 100

Bugs we found 13When creating a project, the ID and name are populated via javascript but if I change the name then the identifier is not kept in sync.

Bugs we found 14Can create an invalid enabled_modules entry by submitting a module name which does not exist when creating a project

Bugs we found 15Change url to have csv or pdf viewsSystem should respond differently to csv and pdf on projects when GUI request rather than an API request 406 is better for API, 404 with html or 406 with html payload might be better

Rathole 1 - PasswordAlan thought there was a bug with password lengths, and storing in a varchar 40, since password can be very long.But, a ‘hash’ is stored, not the password, this took time to discover.