Software Testing Blog

Our Bug Battle of the Search Engines is now open and running. Starting on Friday, August 7th, uTesters can test the quality, features and usability of the most popular search engines: Google, Bing, and Yahoo! We’ll be awarding more than $3,000 in prize money to the top testers, based on:

• Top overall tester (based on the quality of bugs and feedback)
• Top novice tester (same criteria)
• Top individual bugs in each of the sites (most interesting, most severe, best documented)
• Best survey responses (comparing the feature set, functionality and usability)

Visit our Bug Battle homepage for more details. Also, make sure you read our Tips to Win the Bug Battle in our uTest Forums.

So if you’re a uTester, get started today.  And if you’re not yet a uTester, join our community and take part in the fun.  Good luck!

Our guest blogger this month is Joseph Ours, a recent Bug Battle winner with more than 12 years of IT experience, including software testing and quality assurance. In this post, Joseph advises testers to re-examine the way they report defects in software applications.

Testers and testing are viewed as a cost center in many organizations. If you look at the roles of other “main” players, you quickly see that testers face what I call an issue of intangibles. Here’s what I mean:

• Project managers – They are task masters driving a product to completion. Businesses absolutely want products created on time and under budget – which is why they are (correctly) viewed as an absolute necessity.

• Analysts – These guys get the great job of descriptively conceptualizing the idea. This is akin to a paper prototype, and gives the business the first real glimpse of how it might look and work.

• Developers – They are the cream of the crop. They get to create an actual product that businesses can see and feel.

• Testers – Well, we say if it works or not.

Read more…

In the second part of his blog post “Security Testing Tips From a Bug Battle Winner”, uTester Bernard Lelchuk takes a closer look at some of the more effective tools to use when performing security testing.

There are quite a few attacking testing tools which can make security testing easier and more productive for both novice and veteran testing engineers alike. I will not list all of them here,  but rather cover the most essential, common and interesting FREE tools. So here they are, in no particular order:

Wireshark
A comprehensive yet easy-to-use protocol analyzer (sniffer) which will allow you to view, filter and analyze all network transmissions. (http://www.wireshark.org/)

Paros Proxy
Acts as a proxy which allows the tester to intercept and modify all HTTP/S data between server and client, including cookies and form fields. (http://www.parosproxy.org/index.shtml)

Burp Suite (Man-In-The-Middle)
Integrated platform for attacking web applications which contains several interfaces for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility. Acts as a man-in-the-middle between client and server, thus allowing the tester to intercept and modify all HTTP requests between both parties. (http://portswigger.net/suite/)

Read more…