Over a million developers have joined DZone.

Live Web Exploratory Technical Testing Session Example [Video]

DZone's Guide to

Live Web Exploratory Technical Testing Session Example [Video]

This video demonstrates a live example of technical risk-based exploratory testing, featuring Orange HRM.

· DevOps Zone ·
Free Resource

Learn more about how CareerBuilder was able to resolve customer issues 5x faster by using Scalyr, the fastest log management tool on the market. 

I created a short live exploratory testing video using Orange HRM.

The video is on YouTube and ad-free via Patreon (along with many more exclusive videos and content).

About the Exploratory Testing Session

I picked Orange HRM because:

  • I haven't tested it before.
  • It seemed fairly simple technology.
  • The user admin screen seemed similar to one I had just raised a live issue with.

I mainly picked it because the User Admin screen had a form that would allow me to explain some of the approaches that I used to find a live issue in a Bug Bounty app that I was testing at the weekend.

Risk: Forms with JavaScript validation may have different, or no, validation on the server side.

In the video I show:

  • Using the application to build a model of its functionality.
  • Recognizing the limits of what I can observe and model at the GUI.
  • Using the browser dev tools to expand my observation.
  • Expanding my observation allows me to increase the scope of my model.
  • I gain new test ideas by observing the HTML.
  • I gain new test ideas by observing the HTTP.
  • I spot a difference in behavior by viewing HTTP responses that I might easily have missed at the GUI level.
  • I explore the system further based on the different behavior.
  • I manipulate the HTML to allow me to feed in out of bounds data and bypass GUI validation.
  • I manipulate the HTTP messages to feed in data that the GUI does not allow.
  • I discover the limits of my observation when the system seems to accept invalid data that I can't view via the GUI.

Throughout the video, I try to:

  • Explain my thought processes and observations.
  • Justify the tools I use.
  • Explore and explain the observations I'm making.
  • Describe the model of the application that I'm building mentally and how it helps me test.

Hope the video helps. You can find it embedded below.

Video of Technical Risk-Based Exploratory Testing in Action

You will see:

  • Thought processes involved in building a model of an application for testing
  • explanations of examples of Technical Risk-based testing
  • explanations of exploratory testing thought processes
  • Turnkeylinux VM as a test environment
  • Orange HRM Application
  • Use of BurpSuite Repeater
  • Use of BurpSuite Intercept
  • Use of Proxy tools for exploratory testing
  • Use of BurpSuite to view HTTP requests and responses
  • Use of Firefox to view HTTP Requests and responses
  • Use of Firefox to check JavaScript Event handlers
  • Use of Firefox to amend the DOM prior to sending messages
  • Use of CounterStrings in Testing
  • Technical Exploratory Web Testing in Action

Find out more about how Scalyr built a proprietary database that does not use text indexing for their log management tool.

devops ,software testing ,validation ,orange hrm ,exploratory testing

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}