Monday, 11 June 2018

Notes on Shift Left in Testing and Software Development

TLDR; Notes on Shift Left, where I try to explain why I don’t use the term and what I use instead. Evolve, Grow and Improve rather than Shift and Move

For some reason I’ve had a few emails and LinkedIn questions asking me what I think about “Shift Left”. I thought I’d put out a public answer.

I’ll start with - I do not use the term “Shift Left” because:

  • It seems like “consultant speak” and, while I’m a consultant, I try to speak clearly
  • It obscures, rather than clarifies, whatever point it is trying to make
  • It makes me think of ‘moving a whole thing’ rather than improving the System

Instead, I think of supporting the growth and evolution of a System over its lifetime, and I don’t need “Shift Left” to do that.


Friday, 1 June 2018

The Question - Are there any Software Testing super heroes?

I was tidying up some old papers and found an article I had forgotten I had written. “The Question: Are there any Software Testing Superheroes?”

This appeared in the Eurostar magazine that was handed out at Eurostar 2013. I can’t find any mention of this in my blog or websites when I search, so I’m publishing it here, a mere five years later.

Wednesday, 30 May 2018

Google Advanced Searches - Google Dorks

This morning I experimented with some Google searches which can reveal information on public sites.

Inspired by some posts from @Random_Robbie on Twitter.

These are now known as Google Dorks.


Tuesday, 15 May 2018

On Hacking and Being Hacked

TLDR; If you self-host a WordPress site, make sure you can restore from backups and check your site using wpscan and other tools regularly.

Is it irony or synchronicity when you learn hacking in more detail and end up being hacked?

Lessons learned from a WordPress hacking challenge and having your WordPress site hacked.


Wednesday, 9 May 2018

Protect The Square and Buggy Games

TLDR; Some games are not meant to be played, they are meant to be played with.

I recently released “Protect The Square”, which according to my version control system I wrote on 2nd May 2016. I had forgotten about it.

I found it again a few days ago and decided to release it as the technical exploration exercise it was intended for.



Tuesday, 8 May 2018

On CounterString Algorithms

TLDR; Reverse counterstrings are easier to generate. Creating the same output forward is harder but might be useful for streaming or files.

I assume everyone has heard of and used CounterStrings. I came across them because James Bach wrote about them and created the perlclip tool to generate them.

*3*5*7*9*12*15*

Over the years I’ve written a few utilities for generating CounterStrings for a variety of platforms. I had to implement them in Excel once because we weren’t allowed to install any test tools.

Fortunately, with Excel we had VBA and could write anything we wanted.

I’ll describe the steps I’ve taken to create a Predictive Forward CounterString Algorithm.

Friday, 4 May 2018

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuate both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately, both of these environments create a management system that limits the defects that can be raised.

i.e.

  • When taking part in a Bug Bounty - functional defects are out of scope.
  • When taking part in a crowdsourced testing project - so many defect categories are out of scope.

If I was a company outsourcing to these programs, I would view that as a risk.
