Tuesday, 15 May 2018

On Hacking and Being Hacked

TLDR; If you self-host a Wordpress site, make sure you can restore from backups and check your site using wpscan and other tools regularly.

Is it irony or synchronicity when you learn hacking in more detail and end up being hacked.

Lessons learned from a WordPress hacking challenge and having your WordPress site hacked.


Wednesday, 9 May 2018

Protect The Square and Buggy Games

TLDR; Some games are not meant to be played, they are meant to be played with.

I recently released “Protect The Square”, which according to my version control system I wrote on 2nd May 2016. I had forgotten about it.

I found it again a few days ago and decided to release it as the technical exploration exercise it was intended for.



Tuesday, 8 May 2018

On CounterString Algorithms

TLDR; Reverse counterstrings are easier to generate. Creating same output forward is harder but might be useful for streaming or files.

I assume everyone has heard of and used CounterStrings. I came across them because James Bach wrote about them and created the perlclip tool to generate them.

*3*5*7*9*12*15*

Over the years I’ve written a few utilities for generating CounterStrings for a variety of platforms. I had to implement them in Excel once because we weren’t allowed to install any test tools.

Fortunately, with Excel we had VBA and could write anything we wanted.

I’ll describe the steps I’ve taken to create a Predictive Forward CounterString Algorithm.

Friday, 4 May 2018

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuates both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately, both of these environments create a management system that limits the defects that can be raised.

i.e.
  • when taking part in a BugBounty - functional defects are out of scope.
  • When taking part in a crowdsource testing project - so many defect categories are out of scope
If I was a company outsourcing to these programs, I would view that as a risk.

Thursday, 3 May 2018

The Evil Tester Show - Episode 005 - Rejection

TLDR; Everyone experiences rejection. We need strategies for how we respond to it.

The Evil Tester Show Episode 005 covers the topic of Rejection and strategies of how you can cope with it.

Thursday, 26 April 2018

A Compendium of Testing Apps

TLDR; A Compendium of Testing Apps rebadged, re-packaged, new repository, more apps, including REST API testing.

I bundled up a bunch of web pages into a testing app. I have now restructured the code for that application and added in a REST API Test application as well.

I’ve also moved the code to a new repo to make it easier to download. You can find the “Evil Tester’s Compendium of Testing Apps” at
And download from the releases page

Thursday, 12 April 2018

How to use the Source Code for the Book Automating and Testing a REST API

TLDR; download the source from github, open in IntelliJ and amend the IP address, username and password of the VM installed admin user.

I recently realised that I didn’t have a video showing how to download and use the source code for the book Automating and Testing a REST API

Rectified. Now I do.


How to use Test Practice Pages and Games from Evil Tester

TLDR; download the .jar from github, run from the command line, visit localhost:4567, navigate, play and test.

I have written a lot of apps and games over the years to support my training workshops. Most have been hosted on my web sites. Now you can download them all in one easy to use .jar file.

Thursday, 29 March 2018

How to install cURL on Windows

TLDR; cURL requires an install on Windows, but it isn’t always easy unless you use a one-click installer or Chocolatey.

I remember cURL being easier to install than it currently seems to be. I’ve had a few questions from people working through my book “Automating and Testing a REST API” on who were experiencing difficulties installing cURL on Windows. I documented a few different approaches.


Friday, 23 March 2018

Using the Turnkey Linux VM for Tracks Testing

TLDR; Turnkey linux VM for testing Tracks using network settings Bridged, or Host Only.

I normally use VM Ware, but I create a video showing Turnkey Linux and Virtual Box to help people with the network settings.


Tuesday, 20 March 2018

Automated Execution for Acceptance Testing - Java JUnit FizzBuzz

TLDR; The Tester in me was not satisfied by the TDD of FizzBuzz so I expanded the coverage with some simple acceptance testing modeled by automated @Test methods.

Previously on “Testers TDD” I created a version of FizzBuzz using TDD we now move on to the Acceptance Testing of FizzBuzz, but do we need to?

Sunday, 4 March 2018

TDD - Test Driven Development - Java JUnit FizzBuzz

TLDR; Four JUnit @Test methods to create a FizzBuzz solution using Test Driven Development (TDD) with Java Junit.

TDD Exercise - FizzBuzz

As part of a Sunday Morning practice session I used FizzBuzz as my coding exercise.

I’ve heard that this is used in programming interviews and I so I thought I’d try it.

Friday, 2 March 2018

A practice exploratory testing session - javascript button game

TLDR; Do you practice your testing? One way involves picking a random game and exploiting it.

I decided to record, with commentary, one of my testing practice sessions.

If this proves useful to people then I’ll record more.




Friday, 23 February 2018

Problem Solving as Software Development

TLDR; I can view Problem Solving as Problem Identification, Problem Solution Construction, Solution Evaluation and I can map that on to Software Development to help me communicate in normal language.

I was at the gym and a couple of thoughts came together in my head.

First was the notion that if I want to go meta to what I do in software development testing, then I might view what I’m really involved in as a problem-solving process.

But we know that.


Wednesday, 21 February 2018

Considering a Career in Software Testing?

TLDR; A career in Software Testing is not an ‘easy’ ride, if you are not careful then you can get stuck. But if you work at it then you can make a difference to your company and the community at large.

Are you considering a career in Software Testing? Have you watched videos describing your future job opportunities and the training or roles you have to consider?

Well, this blog post and associated video might help. I’ve distilled my 20+ years of Software Testing and Development experience into some Software Testing Career advice notes.


Tuesday, 16 January 2018

Promoting Evil Tester Talks Conference Talk and Webinar Archive

TLDR; I have an archive of webinars and talks with extra material bundled as a ‘course’.

I updated my “Evil Tester Talks” Online Talk Archive and realised that I hadn’t actually promoted it through my blog. Too busy creating content and writing talks.

But since I just added two talks and one webinar to the archive, it seemed the right time to promote it.


Friday, 12 January 2018

Testability vs Automatability - in theory (Free Bonus Video Inside)

TLDR; Testability is for humans. Automatability (Automatizability) is for applications.

I was doing some research for my upcoming Eurostar webinar and I encountered a few videos and posts of people who were using ‘testability’ to refer to the ability for the application to support automated execution.

I didn’t think that was appropriate. I’d rather distinguish between Testability and Automatizability. The more popular form of Automatizability seems to be Automatability.

Thursday, 4 January 2018

The Evil Tester Show - Episode 004 - New Year 2018

TLDR; Resolutions require resolve. Goals require questioning and testing skills.



The fourth episode. It is available as audio and video covers New Year Resolutions and Asking Effective Questions.

Do you make New Year Resolutions? I set goals that I believe in, then create work plans, and adjust my expectations based on what I do, and I do change my mind based on experience. But I also, use my testing skills to do all of that.


>