Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Live Web Exploratory Technical Testing Session Example [Video]

DZone's Guide to

Live Web Exploratory Technical Testing Session Example [Video]

This video demonstrates a live example of technical risk-based exploratory testing, featuring Orange HRM.

· DevOps Zone ·
Free Resource

Learn more about how CareerBuilder was able to resolve customer issues 5x faster by using Scalyr, the fastest log management tool on the market. 

I created a short live exploratory testing video using Orange HRM.

The video is on YouTube and ad-free via Patreon (along with many more exclusive videos and content).

About the Exploratory Testing Session

I picked Orange HRM because:

  • I haven't tested it before.
  • It seemed fairly simple technology.
  • The user admin screen seemed similar to one I had just raised a live issue with.

I mainly picked it because the User Admin screen had a form that would allow me to explain some of the approaches that I used to find a live issue in a Bug Bounty app that I was testing at the weekend.

Risk: Forms with JavaScript validation may have different, or no, validation on the server side.

In the video I show:

  • Using the application to build a model of its functionality.
  • Recognizing the limits of what I can observe and model at the GUI.
  • Using the browser dev tools to expand my observation.
  • Expanding my observation allows me to increase the scope of my model.
  • I gain new test ideas by observing the HTML.
  • I gain new test ideas by observing the HTTP.
  • I spot a difference in behavior by viewing HTTP responses that I might easily have missed at the GUI level.
  • I explore the system further based on the different behavior.
  • I manipulate the HTML to allow me to feed in out of bounds data and bypass GUI validation.
  • I manipulate the HTTP messages to feed in data that the GUI does not allow.
  • I discover the limits of my observation when the system seems to accept invalid data that I can't view via the GUI.

Throughout the video, I try to:

  • Explain my thought processes and observations.
  • Justify the tools I use.
  • Explore and explain the observations I'm making.
  • Describe the model of the application that I'm building mentally and how it helps me test.

Hope the video helps. You can find it embedded below.

Video of Technical Risk-Based Exploratory Testing in Action


You will see:

  • Thought processes involved in building a model of an application for testing
  • explanations of examples of Technical Risk-based testing
  • explanations of exploratory testing thought processes
  • Turnkeylinux VM as a test environment
  • Orange HRM Application
  • Use of BurpSuite Repeater
  • Use of BurpSuite Intercept
  • Use of Proxy tools for exploratory testing
  • Use of BurpSuite to view HTTP requests and responses
  • Use of Firefox to view HTTP Requests and responses
  • Use of Firefox to check JavaScript Event handlers
  • Use of Firefox to amend the DOM prior to sending messages
  • Use of CounterStrings in Testing
  • Technical Exploratory Web Testing in Action

Find out more about how Scalyr built a proprietary database that does not use text indexing for their log management tool.

Topics:
devops ,software testing ,validation ,orange hrm ,exploratory testing

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}