No último sábado, 9 de Fevereiro de 2019, rolou o primeiro bate-papo do grupo de mentoria do blog Talking About Testing, onde Alekson Fortes, Henrique de Souza e eu (Walmyr Filho), conversamos sobre DevOps baseado nos 3 caminhos descritos no livro “The DevOps Handbook: How to Create World‑Class Agility, Reliability, and Security in Technology Organizations“, … Continue lendo Bate-papo sobre DevOps – Grupo de mentoria Talking About Testing
Q: What is the best fuzzer (automated software testing tool) to find 0-days? Why?
A:
0-day is a very broad statement.
I tend to use the payload fuzzers in BurpSuite and OWasp Zap Proxy, but these require me to identify the target that I’m testing, and the appropriate data scope and range to fuzz.
I suspect you might be more interested in application or file based fuzzers.
Google have introduced a service for fuzzing applications.
There are many lists of fuzzers to read through.
New tools are being created for this all the time and there is a constant flood of research on fuzzing:
scholar.google.co.uk/scholar?hl=en&as_sdt=0%2C5&q=fuzzing&btnG=
Since the fuzzers all work at different levels and on different technologies you have to be very specific in your research to make sure you don’t overload yourself with tools (with is all too easy to do in Security Testing)
https://eviltester.com/blog/eviltester/quora/2019-02-13-what-best-fuzzer/
I like to write little bots from the console to help with with application and game automation. But when the variables and objects I need are created from within anonymous functions I can’t get access. In this post I will explain how to access them.
I’ve tried writing helper code to access the methods within objects and trawl through the DOM to find specifically named objects, and that can help with a large application where the objects are all public.
But when the application is essentially one anonymous function kept alive by event handlers and timers, how do we access the objects.
The short answer is:
e.g. if there is a pacman object I want to access, then find a line that uses it, breakpoint the line, then from the console:
window.pacman = pacman
And I now have access to the private pacman object from the console when not in debug mode because the window now has a reference to it.
This requires a manual step before any of my automated bots can be used but if I write down what to ‘search for’ to find the line in the code then it is pretty easy to repeat.
If we are relying on the objects being private and inaccessible due to the anonymous function then we really shouldn’t because if it is in our browser, the user can gain access to it.
Always have protection on your server side to handle anything thrown at it.
This opens up a bunch of new options for testing and automating modern JavaScript approaches for me.
This can’t really be used for continuous integration automating or fully autonomous code injection since there is a manual step involved. But for automating tactically where the user is present, this opens up more possibilities.
Using the simple open source Pacman clone from platzh1rsch.ch where all the code is wrapped and called from anonymous function. I show the steps and thought processes for gaining console access to the main game and pacman objects to allow me to write infinite life cheats.
I have some material covering this topic:
https://eviltester.com/2019/02/hacking-javascript-private-variables.html
No ano de 2019 a Escola Talking About Testing está fechando uma parceria com a organização Patas Dadas e 10% do valor pago por cada curso será doado à tal organização. A Patas Dadas tem a missão de resgatar animais em situação de abandono, proporcionando o atendimento veterinário necessário até estarem prontos para a adoção, buscando … Continue lendo Talking About Testing & Patas Dadas
https://talkingabouttesting.com/2019/02/12/talking-about-testing-patas-dadas/
Mais um post da série qualidade de código em teste de software Se você está chegando neste post agora e ainda não leu os conteúdos anteriores, recomendo começar por eles. Seguem os links: Escreva pequenas unidades de código Escreva simples unidades de código Agora se você já leu o primeiro e segundo post da série, vamos … Continue lendo Escreva código uma só vez
https://talkingabouttesting.com/2019/02/11/escreva-codigo-uma-so-vez/
Good pipelines are stable and can support frequent and small releases. When building the pipeline you need to include not only the build and unit tests part, but also the e2e tests and even the smoke tests and deploy to all the environments, so you have as minimun as human interation as possible, avoiding releases … Continue reading Automated tests in a CD/CI pipeline →
https://azevedorafaela.com/2019/02/07/automated-tests-in-a-cd-ci-pipeline/
One way I practice my Software Testing, improve my JavaScript programming and practice my automating is by ‘hacking’ JavaScript games.
One of my bots scored 282010 on https://phoboslab.org/xtype/ This ‘bot’ is JavaScript code that runs from the Browser Dev Tools and plays the game.
I have a video showing the bot in action below.
To create this I have to learn to use the dev tool to inspect the Dom, and the running memory space, and read the JavaScript. All of this is modelling the application. A recon step that helps me with my Software Testing.
As I recon the app I look at the network tab to see what files are loaded and what API calls are issued. This also informs my model. And makes me think about Injection and Manipulation points.
Perhaps I can use a proxy to trap and amend those requests? Perhaps my proxy can respond with a different file or data automatically?
These are thought process and skills that I can apply in my testing. I also learn more about HTTP, Dev tools and Proxies.
When the game is running I have to observe its execution behaviour. I build a model of the software and its functionality. This informs my Software Testing. I have to build models of the application as I test and make decisions about what to target.
To ‘hack’ the game, I have to inspect the objects which have been instantiated by the code. I can do this in the console by typing in the object names.
To learn what these objects are I have to read the game code. This improves my JavaScript because one of the best ways to learn to write code is to read code and try to understand what it does.
I can use the Snippets view in Chrome Sources to write JavaScript. This is a built in mini JavaScript IDE in the browser.
I can write simple code here to manipulate the game objects in memory to help me cheat and hack the game. I don’t need to learn a lot of JavaScript to do this, and most of the JavaScript you need is already in the game source itself.
To write a ‘bot’… code that executes in its own thread periodically to do something, I use the ‘setInterval’ command. This is the fundamental key to writing JavaScript bots. e.g.
var infiniteLivesBot = setInterval(infiniteLives,1000);
The above line calls a function named infiniteLives every second. That infiniteLives function checks if my number of lives have decreased, and if so, increase them. e.g.
function infiniteLives(){
if(game.lives<3){
game.lives=3;
}
}
var infiniteLivesBot = setInterval(infiniteLives,1000);
I can easily stop this bot using the clearInterval command.
clearInterval(infiniteLivesBot);
I can run that code from the snippets view, or paste it into the console, or convert it into a bookmarklet. Whatever is more convenient to help me when I want to hack the game. I do the same thing to support my testing e.g. setup data, delete data etc.
This is a form of ‘tactical’ automating. It won’t scale, it doesn’t go into continuous integration. It supports me. It does a specific task. It automates part of my work. It is a good start to learning to automate more strategically.
To automate xtype I had to learn how to trigger mouse events to initiate the firing functionality. I couldn’t remember how to do this. I copy and pasted a snippet of code from stackoverflow. All professional programmers do this.
stackoverflow.com/questions/2381572/how-can-i-trigger-a-javascript-event-click
var event = document.createEvent(“MouseEvents”);
event.initEvent(“mousedown”, true, true);
document.getElementById(“canvas”).dispatchEvent(event, true);
Part of learning programming is knowing where to find a general answer. Knowing which part of the answer to isolate. Then having the confidence to bring that into your code and experiment with it.
As I do this, I learn more JavaScript. Which allows me to write scripts in other tools e.g. Postman. And I can inject code into applications e.g. using WebDriver JavaScriptExecutor. The more I practice, the more options I open up.
I take the knowledge and then write small utilities or applications to help me. I write a lot of small JavaScript utilities to help me with data extract activities and reformatting of data from Web applications.
I extended my knowledge by writing JavaScript applications and games which I bundled into:
If you want to experiment with simple games manipulation and hacking then the games in this app are designed for that purpose.
Doing this also has a knock on effect on how I view web applications. The GUI is no longer a trusted client. The GUI can be manipulated by the user. The messages it sends to the server can be manipulated by the user. The server needs to be robust.
This helps my Software Testing. I have to go deeper when I test. And by practicing I develop the skills to go deeper when I test. I can recognise when requirements need to be tested more deeply than they state on the surface.
This helps my programming. I am very aware that the server needs to validate and approach the input data with caution.
This is one way that I practice my Software Testing, JavaScript programming and automating. The benefit to me has been enormous. I recommend this, or adapt the ideas and create your own practice path.
I cover many of the skills to do this in my online Technical Web Testing 101 course https://www.eviltester.com/page/onlinetraining/techwebtesting101/
This was a hard bot to write Xtype is a bullet hell shooter which are challenging to play, let alone automate - and no, I’m not going to show you the code for the bot.
But this is not my first bot.
I’ve written bots to play z-type, Cookie Clicker, 3D Monster Maze
I like these games because they are all well written, I can read the code to improve my programming, and they are fun to play.
Many of my bots are not full playing bots like the x-type bot. They are support tools. And when I started to automate x-type I started with support tools:
For 3D Monster Maze I only wrote support tools:
For many games I try to think how to add extra features to make the game more interesting. I don’t have the skill or patience to write games like these, but I do have the skill and motivation to ‘augment’ them for my learning.
This is analogous to writing ‘tools’ to support our testing, or making applications more ‘testable’.
Note: my games github.com/eviltester/TestingApp are not well written, but they are very easy to understand and hack.
https://eviltester.com/2019/02/practice-javascript-software-testing-automation.html
Quick tips for pretty printing JSON in the Browser.
All examples in this post use the swapi.co API
In the network tab, I will very often be observing network traffic, and I’ll want to interrogate the message to view it more easily.
So I copy and paste it from the network tab.
I could use an online tool to format it and view it:
Or I could use the browser itself.
Pasting the Json into the console will show an interactive view where I can expand and contract the outline and view the JSON.
JavaScript has a built in JSON class and I can use the stringify method to pretty print an object as JSON to the console.
So I first create an object from the JSON:
bob={"name":"Luke Skywalker"}
Then I can pretty print the JSON (4 is the indentation level):
JSON.stringify(bob, null, 4)
e.g
"{
"name": "Luke Skywalker",
"height": "172",
"mass": "77",
"hair_color": "blond",
"skin_color": "fair",
"eye_color": "blue",
"birth_year": "19BBY",
"gender": "male",
"homeworld": "https://swapi.co/api/planets/1/",
"films": [
"https://swapi.co/api/films/2/",
"https://swapi.co/api/films/6/",
"https://swapi.co/api/films/3/",
"https://swapi.co/api/films/1/",
"https://swapi.co/api/films/7/"
],
"species": [
"https://swapi.co/api/species/1/"
],
"vehicles": [
"https://swapi.co/api/vehicles/14/",
"https://swapi.co/api/vehicles/30/"
],
"starships": [
"https://swapi.co/api/starships/12/",
"https://swapi.co/api/starships/22/"
],
"created": "2014-12-09T13:50:51.644000Z",
"edited": "2014-12-20T21:17:56.891000Z",
"url": "https://swapi.co/api/people/1/"
}"
https://eviltester.com/2019/02/pretty-print-json-using-dev-tools.html
Just because a site says we can’t paste into a field, doesn’t mean we have to believe it.
Inspired by this blog post:
dev.to/claireparker/how-to-prevent-pasting-into-input-fields-nn
Clair Parker-Jones shows how to prevent people pasting into input fields. This is common code and you’ll see it on StackOverflow a lot. Claire’s post seemed to receive a lot of flack comments but, people do this and she just wanted to learn how it was done and shared that knowledge. She also put the time into creating a codepen example which you can explore and experiment with.
I forked the example code in here:
https://codepen.io/eviltester/pen/WPpJGo
This is terrible UX pattern but we see it all the time. And as testers we have to work with it, or workaround it.
So how do we bypass it?
inspect and remove listener in the dev tools
with code from the console:
document.getElementById(“paste-no”).onpaste={};
document.getElementById(“paste-no”).onpaste=null;
document.getElementById(“paste-no”).onpaste=new function(){};
If it wasn’t in a frame it would be easy to create a bookmarklet. Creating a bookmarklet can be done, but it is a little bit more complicated than if it wasn’t in a frame. For information on bookmarklets and frames see https://www.irt.org/articles/js170/
Everything in the GUI is ours to observe, interrogate and manipulate. Which is why as testers, the more we understand the technology and the tools, the more we open up possibilities and options in our testing. And we should not limit our testing to the obvious ‘happy’ paths in the GUI.
If you are interested in learning this type of thing then I have an online course:
https://eviltester.com/techwebtest101
I have a follow on exclusive video for Patreons showing another way to bypass the pasting and discussing this in more detail in relation to Software Testing, Risk and Bug & UX Advocacy.
https://www.patreon.com/posts/24482175
https://eviltester.com/2019/02/bypassing-no-paste-fields.html
Hello guys, just came here quickly to share with you this link containing AWS presentantions for this year, some of them already happened, but you can register and watch the next ones for free, the link is below: https://aws.amazon.com/about-aws/events/monthlywebinarseries/
https://azevedorafaela.com/2019/02/03/aws-online-tech-talks-2019/
How do you keep motivated and accountable to improving your testing and technical skills?
Where do you find small regular chunks of Software Testing and Development experience?
This is what I was thinking when I setup the Evil Tester Patreon.
Since then I realised that knowing Patreons are there, pushes me harder to think about my testing and my own improvement, and that drives content that I put on Patreon to help other people.
I put a lot of stuff on YouTube, but only the ‘obvious’ content really gains traction. The content that I think is really valuable and which I learned most from creating doesn’t do as well. I started putting that content in Patreon where people who are really serious about their professional development can learn from it.
$5 a month. How much is your learning worth to you?
You can gain access to daily information, videos, tips and motivation. And access to exclusive online courses and recorded conference talks.
The price is there so that you recognise that you are committing time and money behind your growth and development.
Patreon allows you to drop in and out so you can sign up, learn, then back off for a little while and come back.
I’m trying to support that more by creating collated monthly pdfs of all the content.
If you are tuning in every day then you’ll probably be able to keep up with the daily posts, but if you drop out for a few months then you need a way to catch up when you come back and re-commit to learning. No other Patron program has this. I’ve had to write custom code to do this (and I explain how I did it in a few Patreon videos).
If you need to give something up in order to commit the funds to your learning then consider:
You can augment your other learning approaches with this and give yourself an edge that other people don’t have.
It is as much of a community as you make it.
I interact on comments, IMs, and on the Discord chat server.
The more you ask questions, the more I create content that is tailored towards the needs of the people in Patreon.
I use Patreon as my accountability partner. Knowing people are there keeps me concentrated on distilling what I learn in small chunks. Seeing content on a daily basis is a reminder to keep learning and pushing yourself to improve.
If you want to improve and stay motivated to improving your testing and development skills.
Try it out. You gain access to everything as soon as you pledge.
Sign up here at patreon.com/eviltester.
https://eviltester.com/2019/02/behind-the-scenes-january-patreon-content.html
Olá e seja bem vindo a mais um post da série qualidade de código em teste de software do blog Talking About Testing No primeiro post da série falei sobre a importância de escrevermos pequenas unidades de código, baseado na primeira guideline do Better Code Hub (BCH). No post de hoje irei falar sobre uma perspectiva … Continue lendo Escreva simples unidades de código
https://talkingabouttesting.com/2019/01/28/escreva-simples-unidades-de-codigo/
Por que todo mundo odeia os bugs?
Ao contrário do que muitos pensam, alguns QAs também detestam eles! A metodologia ágil nos ensinou que fazemos parte da equipe e que a qualidade e sucesso do software é mérito de todos nós. Ás vezes encontrar bugs pode ser extremamente desmotivador pra todos e acabamos nos sentindo mal por esse papel, porém, ele é necessário.
Primeiro, vamos entender isso do ponto de vista do programador: você passou um bom tempo desenvolvendo aquele sistema, passou por bons e maus momentos e criou uma relação tão forte pelo seu código que você poderia casar com ele.
Então, o seu programa cai nas mãos QA e com o primeiro bug encontrado vem a primeira grande decepção, depois essa decepção vai se transformando em raiva após cada erro apontado. O problema é: essa raiva é de você mesmo por ter errado ou do QA?
“O QA é tipo aquela tia chata que você encontra nas festas de família que gosta de apontar todos os seus erros, você já sente desânimo em encontrar ela e ouvir novamente que você está ficando gordo, careca e que ainda não se casou.”
O ponto de vista do tester: aguardamos ansiosamente a nova versão do sistema, e como na maioria dos projetos ela atrasou um pouco durante o desenvolvimento, agora faltam poucos dias para os testes. Você começa a testar e a rezar para que não encontre nenhum bug e possa ir cedo pra casa. Mas aí vem a vida e diz “Não!”. Você encontra o dito cujo, anuncia a descoberta, sente o rancor de todo o resto da equipe, abre um novo ciclo de testes e se prepara para passar a noite toda testando o sistema.
“O programador é tipo aquele amigo chato que atrasa em todos os compromissos. Você sempre acaba esperando muito tempo até ele chegar, e quando ele chega está tão tarde que você vai ter que engolir a comida/perder o começo do filme/chegar atrasado na festa. Se você reclamar, provavelmente vai ouvir um monte de desculpas esfarrapadas porque ele nunca assume os erros.”
Por que isso acontece? Talvez porque a interpretação do que deveria ser o teste de software não seja feita da melhor maneira.
Veja alguns (maus) exemplos:
- Testes só servem pra encontrar bugs.
Testes devem ajudar a agregar valor, aumentar a qualidade e a confiabilidade do sistema. Encontrar erros não diminui a qualidade do sistema, mas deixar que eles continuem lá, sim!
- Meu programa está 100% livre de bugs.
Aceite que o programa pode conter erros, ele não é perfeito, e nem você. Não leve pro lado pessoal.
Além disso, é preciso considerar, o erro existe quando o sistema não faz aquilo que deveria fazer e também quando ele faz aquilo que não deveria fazer. Nem sempre os erros são encontrados testando exatamente o que está especificado na documentação.
- Este programa foi 100% testado.
No mundo ideal nós queremos testar o sistema inteiro com todas as combinações possíveis, mas na maioria das vezes isso é impossível e inviável. Então saia dessa paranóia e foque nos testes que realmente importam. Estamos mais interessados em qualidade e não quantidade.
É preciso tomar cuidado também com o foco dos testes. Como eu disse no começo, não é a coisa mais legal do mundo achar um bug quando você já estava pronto pra ir embora. Mas você faz os testes com a intenção de encontrar bugs ou de mostrar que o sistema está funcionando corretamente? Essa pergunta parece não fazer sentido, mas pense que, quanto mais cansado e com pressa de terminar os testes, maior a chance de você apenas querer mostrar que o sistema está funcionando e pular testes importantes.
Quanto maior a vontade de encontrar bugs, maior a vontade de “destruir” o sistema antes que ele seja liberado. E essa é uma das razões do porque o tester encontra muito mais erros no sistema do que o programador, que não se importa em “destruir” o sistema.
- Este sistema fracassou na fase de testes.
Outro problema de ponto de vista. O que é fracasso pra você? Achar 10 bugs na fase de testes ou 5 clientes reclamarem de bugs em produção? (Dica: os bugs em produção são os piores).
Quando executamos um teste e um bug é encontrado, a execução é apontada como “mal sucedida”, como se fosse algo indesejada. Mas para o QA deveria ser exatamente o contrário. Afinal, se o objetivo era encontrar erros o quanto antes, esse teste não deveria ter sido “bem sucedido”.
O livro “The art of software testing” (Glenford J. Myers), faz um analogia muito boa sobre fracasso e sucesso dos testes: imagine uma pessoa indo ao médico por estar com mal-estar a dias. O médico pede alguns exames e o laboratório não encontra nada. Esse exame foi bem sucedido ou mal sucedido? O paciente pagou pelos exames, continua doente e o médico não sabe como diagnosticar. Porém, se o exame do laboratório acusar que este paciente tem dengue, o exame pode ser considerado como bem-sucedido, já que agora o médico pode tratar o paciente da forma correta e antes que ele piore. Nesse caso, considere que o paciente é o nosso programa a ser testado. 
http://www.thebugfeed.com/2016/11/todo-mundo-odeia-os-bugs.html
TLDR; Downloading a file with RestAssured is as simple as taking the body of a request as a byte array and writing it to a file.
When automating I often have to download files. One very common FAQ for WebDriver is “How do I download a file with WebDriver?”.
Answer: Don’t, use an HTTP Library instead.
You can, by configuring the browser session to not prompt for location dialogs, and then click download button. But usually that is more pain that it is worth so, if I have to download a file, I’ll use an HTTP library.
RestAssured is marketed as an API testing library. And I do use it to test APIs, as I documented in my book “Automating and Testing a REST API”. I also use it as a general purpose HTTP library, and that is really how I am describing it here.
I’ve extracted the following code from an actual set of Tactical Automated Execution code that I wrote recently.
private void writeImageIfNotExists(
final PostDetails postDetails,
final File outputImagePath,
final String image_url,
final String fileNameMain,
final String fileNamePostExtDetails) throws IOException {
File outputImageFile = new File(outputImagePath.getPath(),
fileNameMain + fileNamePostExtDetails);
if (!outputImageFile.exists()) {
Map<String, String> cookies = new HashMap();
cookies.put("session_id", Secret.SESSION_ID);
byte[] image = RestAssured.given().
cookies(cookies).
when().get(image_url).
asByteArray();
// output image to file
OutputStream outStream = new FileOutputStream(outputImageFile);
outStream.write(image);
outStream.close();
}
}
The above is pretty hacky (but it is tactical, which means I wrote it for a specific purpose and may be short lived).
It basically creates a File object from a path, and file name Strings.
If the file doesn’t already exist then.
I create a HashMap of cookies. Then I add one cookie, a session_id because I’m bypassing the login process to rip out data from the system. If I was download a file during GUI Automating then I might rip the cookie from the WebDriver session and inject the details into my RestAssured session. In the above example I copy and pasted the session id from the browser becuase it was tactically supporting me doing some work.
Then I make a call using RestAssured
byte[] image = RestAssured.given().
cookies(cookies).
when().get(image_url).
asByteArray();
This makes a GET request and returns the body as a byte array.
Which I can then write to the output file.
OutputStream outStream = new FileOutputStream(outputImageFile);
outStream.write(image);
outStream.close();
This is the basic code to download a file but isn’t necessarily the best example.
I have created a slightly longer example and added it to my LibraryExamples project on Github
You can read the code to see full details, or watch the explanatory video.
Summary though (see sample code below the summary):
I pass in a map of cookies and headers to allow me to authenticate easily
rather than return the body asByteArray I return the response,
200 status, this makes the whole process more reliable long termI can still convert the body to a byte array when I know it exists
response.getBody().asByteArray()If I wanted a very flexible solution, I wouldn’t assume an extension and I would use the Contenty-Type header to assign an extension, but in this example I just output the header to the console so you can see how to get it
response.getHeader("Content-Type")The output file writing is a little more robust in that it catches any exceptions and reports the error.
If I was automating strategically I would use code more like the following, and gradually refactor it into a library to ever more generically support my strategic automating approach. e.g.
private void downloadUrlAsFile(
final Map<String,String> cookies,
final Map<String,String> headers,
final String urlToDownload,
final File outputPath,
final String filename) throws IOException {
File outputFile = new File(outputPath.getPath(), filename);
final Response response = RestAssured.given().
headers(headers).
cookies(cookies).
when().
get(urlToDownload).
andReturn();
// check if the URL actually exists
if(response.getStatusCode() == 200){
if (outputFile.exists()) {
outputFile.delete();
}
System.out.println("Downloaded an " + response.getHeader("Content-Type"));
byte[] fileContents = response.getBody().asByteArray();
// output contents to file
OutputStream outStream=null;
try {
outStream = new FileOutputStream(outputFile);
outStream.write(fileContents);
}catch(Exception e){
System.out.println("Error writing file " + outputFile.getAbsolutePath());
}finally {
if(outStream!=null){
outStream.close();
}
}
}
}
https://eviltester.com/2019/01/how-to-download-a-file-with-rest-assured.html
TLDR; Boundary Value Analysis is a simple technique and with additional exploration can add value in the real world.
Boundary Value Analysis (BVA) is one of the most basic test techniques that we learn.
Often taught at the same time as Equivalence Partitioning.
In this post I explain the technique and use it it find a bug in Chrome and Firefox.
BVA if often applied to input fields or anywhere that ranges of input are used where there is some maximum and minimum validation.
e.g. if I have an input field which accepts values from 10 to 100 then 10 would be the minimum, 100 would be the maximum.
I can model that as. a Set of Ordered sets:
{ x <= 9}{10 -> 100}{101 to infinity}
Above is a model containing 3 sets, the first set
The second set:
The third set
The values on the boundaries between the sets are (9,10) and (100,101) and they are the basic values that BVA would give me when applied as a technique.
Another way to consider this is as -1,0 and +1 for the valid boundary maximum and minimum range values.
The maximum and minimum values are 10 and 100 which gives me:
The additional values within the same equivalence class are optional and are an extension i.e. 11 (+1 on the minimum range value) and 99 (-1 on the maximum range value).
In the real world we use Boundary Value Analysis as a starting point, but we also have to consider:
When I was looking at the sample application in the Chrome I discovered that some of my assumptions were incorrect.
Not all non-numeric characters were excluded, I could type “e”, “-”, “+”, and “.”
This led me to explore other representations of my valid boundery values, which might have caused an error in a downstream system:
This is demonstrated in the following video where the exploration around BVA found a defect in Chrome and Firefox.
Boundary Value Analysis is technique driven from the Heuristics:
errors happen at the edges
watch out for off by one errors
The technique concentrates on the off by one errors.
The heuristic of errors at edges is much more generic and applies to any model involving bordering.
I created a video explaining the heuristic nature of boundary value analysis on Patreon.
https://www.patreon.com/posts/24196729
The page I used to demonstrate the technique has been uploaded here
https://eviltester.com/2019/01/what-is-boundary-value-analysis.html
Hello guys, I have been working with kubernetes, docker, postman and newman a lot lately due some tests on internal microservices. To test these internal microservices I am running postman scripts in the same kubernetes cluster where the services are running. Kubernetes is an open source container orchestrator, which means you can group together all … Continue reading How to test internal microservices in a kubernetes cluster →
https://azevedorafaela.com/2018/12/18/how-to-test-internal-microservices-in-a-kubernetes-cluster/
O que é o CasperJS? O CasperJS é uma ferramenta escrita em JavaScript que permite a geração de scripts de navegação e testes para o PhantomJS. O PhantomJS funciona como um browser headless. O que é um headless browser? Um headless browser é um navegador web que não possui interface gráfica. Assim, não conseguimos ver o conteúdo […]
O post CasperJS: testes de aceitação automatizados com JavaScript apareceu primeiro em Code a Test.
http://www.codeatest.com/casperjs-testes-de-aceitacao-javascript/
Introdução Neste post vou mostrar de forma sucinta e prática como testar exceções em Java, utilizando o framework JUnit 4. Vou demonstrar 3 formas de escrever testes unitários que verificam o comportamento de exceções. Nossa classe para ser testada As 3 formas de se testar exceções em Java serão feitas em cima da classe mostrada abaixo. O […]
O post Como testar exceções em Java com o JUnit apareceu primeiro em Code a Test.
http://www.codeatest.com/como-testar-excecoes-em-java-junit/
Introdução Vamos mostrar como utilizar o Selenium WebDriver com o Chrome Headless para a executar testes de aceitação automatizados web. Ao final desse artigo você será capaz de executar o Selenium utilizando o modo headless do Chrome. Chrome Headless: por que usar? Como mostramos em um post anterior, os testes de aplicações web com Selenium precisam de […]
O post Chrome Headless com Selenium WebDriver apareceu primeiro em Code a Test.
http://www.codeatest.com/chrome-headless-selenium-webdriver/
Olá galera, Semana passada estive participando de um Hangout muito bacana organizado pelos queridos amigos do Agile.pub falando sobre o Perfil do Testador Ágil, quem tiver interesse pode assistir o vídeo abaixo: Para mais detalhes sobre o que foi discutido podem acessar o link postado no Agile.pub http://agile.pub/assuntoparahappyhour/assunto-para-happyhour-o-perfil-do-testador-agil/. Até mais galera!
http://vanilton.net/blog/2016/05/02/hangout-agile-pub-perfil-do-testador-agil/