Tuesday, 4 December 2018

Technical risk of moving to https

EvilTester.com is a static site built using HuGo
I’ve been meaning to migrate it to https, but haven’t found the time recently.
Today I found the time.

Wednesday, 7 November 2018

Review of 5 of the 28 products in The Ultimate Programmer Super Stack ebook and ecourse Bundle

Review of 5 of the 28 products in The Ultimate Programmer Super Stack ebook and ecourse Bundle

The Ultimate Programmer Super Stack Bundle contains 28 digital products and only costs $47.95, but it ends on the 13th of November.

Tuesday, 6 November 2018

Ultimate Programmer Super Stack

Ultimate Programmer Super Stack

TLDR; 28 books and courses for only $47.95, but only for the next seven days
You can find the full list of books and courses at The Ultimate Programmer Super Stack

Sunday, 4 November 2018

Digital Marketing FIT Small Business Influencers

Digital Marketing FIT Small Business Influencers

TLDR; tips for digital marketing - automate, create fast, promote

Friday, 2 November 2018

Using Postman Snippets

Using Postman Snippets

TLDR; Postman snippets can help us get started with scripting assertions to support REST API Testing

Thursday, 1 November 2018

Instagram Private Information

Instagram Private Information

TLDR: The "Private Information" section of your Instagram profile does not mean that when you switch to a Business account.

Wednesday, 31 October 2018

Friday, 26 October 2018

Amending HTTP Traffic within a Browser - Chrome, Safari, Firefox, and Edge

Amending HTTP Traffic within a Browser - Chrome, Safari, Firefox, and Edge

TLDR: Firefox now lets us Edit and Amend requests in the network tab, for other browsers we can convert to cURL or fetch (or use a proxy)

Wednesday, 24 October 2018

How to take screenshots within a browser - Firefox, Safari, Chrome and Edge

How to take screenshots within a browser - Firefox, Safari, Chrome and Edge

TLDR; All major browsers allow taking screenshots within them. Firefox currently wins with its range of options.

Friday, 21 September 2018

What If Courage was Contagious?

TLDR; Lead without leadership authority by assuming that courage is contagious

I suspect most emotions are contagious. Laughter is contagious. Fear is contagious. Courage is contagious.

All of these I’ve used as tactics in my work communication.

Tuesday, 11 September 2018

What if we don't use the words Verification and Validation?

What if we don't use the words Verification and Validation?

TLDR; Imagine never having to worry about saying “Verification” when you meant “Validation”. Well you can. Write down what the V-words imply, and then use those sentences you wrote down instead.

I’ve been in meetings where people have argued about the words “Verification” and “Validation”. For some reason these words have a high weighting of importance in “The World of Software Testing”.
I have the personal issue that I forget which one is “meeting requirements” and which one is “meeting needs” and have to reverse engineer the words every time I need to use or interpret them.
I’m not the only one, because often I see the questions: “Am I building the product right?” (Verification), and “Am I building the right product?” (Validation).
And I asked myself, “What if I don’t use the words verification and validation?”

Friday, 7 September 2018

The Evil Tester Show Podcast Episode 006 - Workarounds

The Evil Tester Show Podcast Episode 006 - Workarounds

The new "Evil Tester Show" episode covers the topic of Workarounds.
Have you ever used a workaround to get something done?

Thursday, 6 September 2018

Patreon Micro Courses

Patreon Micro Courses

I have created a list of the Micro Courses in the EvilTester Patreon site.
I will keep the list updated as I add new material.

Wednesday, 5 September 2018

Do you answer your own rhetorical questions?

TLDR: Do you ever ask yourself rhetorical questions? If so, try and answer them by building assumptions. Then investigate your assumptions.

Do you ask yourself rhetorical questions?

I suspect most people do.

Leaving them unanswered means not following up on a opportunity for learning that your brain has put in front of you.

Tuesday, 28 August 2018

Test Automation ROI Exercises

TLDR: Rather than discuss ROI in depth, I want to explore how to evaluate ROI for yourself, so I provide some questions as an exercise e.g. “Why do you use ROI?”, “What do you gain?”, “What do you lose?”, etc.

I am often asked about ROI. And I wrote a parody answer. In this post I explore initial beliefs and then questions to explore and expand my model of ROI.

Thursday, 23 August 2018

How To Invest In Testing

TLDR: If you want to invest in yourself, we have books and courses and a patreon page

Finding testing too expensive?

Trying to replace your testers by Automating Testing?

You’re doing it wrong.

Tool vendors want to sell you tools to automate your testing and make testing cheaper - but here’s what they don’t tell you.

Tuesday, 21 August 2018

Click bots for social media and beyond

TLDR: simple click bots from the JavaScript console can make social media and other sites easier to use

Thursday, 16 August 2018

Exploratory Testing Clean Recon Live Example

TLDR: clean recon - using the app to provide knowledge about the app

Using The Pulper v 1.2 I recorded a live recon session to try and create an example of note taking, model building, risk identification and next action identification.

You can repeat the exercise for yourself and see how you get on.

Friday, 3 August 2018

Compendium of Practice Testing Apps version 1.2

TLDR: github.com/eviltester/testingapp new version has more apps

To help you practice your testing I have The Evil Tester’s Compendium of Testing Apps.
One download - lots of apps to practice testing on.

Sunday, 29 July 2018

Exercise - how many ways to count the values in a json array returned from a REST API call?

TLDR: When we use multiple tools and existing tool features, we open up new options in how we approach our testing. This can help us identify workarounds when we identify testability feature requests, and might even remove the need for the testability feature.

I set myself a Practice Test Exercise. You might want to try it yourself before reading the full text of this post.

Thursday, 5 July 2018

Using a Travel Router for Mobile Testing

TLDR; Mobile device connects to travel router making wireshark easy, and easier traffic capture.

I think, although I can’t find the blog post, that I’ve described use of a Travel router for mobile testing before.

But my TP-Link TL-MR3020 no longer seems to work with my Macbook - now upgraded to a newer MacBook Pro with USB-C connectors.

I spent too long trying to get it working so in the end I just bought a new Travel router.

I tried the TP-Link TL-WR802N and now it all works fine.

Tuesday, 3 July 2018

Freemind Scripting for Markdown Presentation Generation

When I was preparing for the London Tester Gathering workshop I decided to try and fix a flaw in my docmentation workflow.

The flaw was - I find it hard to have an overview of my documentation while working with Markdown. I fixed it with Freemind and a custom script.

Live Web Exploratory Technical Testing Session Example

TLDR; Testing driven by technical understanding seeks to observe at multiple levels of the application stack and the testing conducted is informed by identifying risks in a model built by observing the application below the GUI.

I created a short live exploratory testing video using Orange HRM

The video is on YouTube and ad free via Patreon (along with many more exclusive videos and content).

Friday, 22 June 2018

Recording of Agile Tour London Talk from 2017 now available to watch on Infoq

TLDR; Recording of my Agile Tour London 2017 talk is now publicly available on InfoQ

Back in October 2017 I spoke at Agile Tour London on the topic of how Software Testing fits into the Modern Software Development process.

The official video has now been released on Infoq.

My recording with the slides and mp3 downloads are also available on Evil Tester Talks

Monday, 11 June 2018

Notes on Shift Left in Testing and Software Development

TLDR; Notes on Shift Left, where I try to explain why I don’t use the term and what I use instead. Evolve, Grow and Improve rather than Shift and Move

For some reason I’ve had a few emails and linkedin questions asking me what I think about “Shift Left”. I thought I’d put out a public answer.

I’ll start with - I do not use the term “Shift Left” because:

  • It seems like “consultant speak” and, while I’m a consultant, I try to speak clearly
  • It obscures, rather than clarifies, whatever point it is trying to make
  • It makes me think of ‘moving a whole thing’ rather than improving the System
Instead I think of supporting the growth and evolution of a System over its lifetime and I don’t need “Shift Left” to do that.

Friday, 1 June 2018

The Question - Are there any Software Testing super heroes?

I was tidying up some old papers and found an article I had forgotten I had written. “The Question: Are there any Software Testing Superheroes?”

This appeared in the Eurostar magazine that was handed out at Eurostar 2013. I can’t find any mention of this in my blog or websites when I search, so I’m publishing it here, a mere five years later.

Wednesday, 30 May 2018

Google Advanced Searches - Google Dorks

This morning I experimented with some Google searches which can reveal information on public sites.

Inspired by some posts from @Random_Robbie on Twitter

These are now known as Google Dorks.

Tuesday, 15 May 2018

On Hacking and Being Hacked

TLDR; If you self-host a Wordpress site, make sure you can restore from backups and check your site using wpscan and other tools regularly.

Is it irony or synchronicity when you learn hacking in more detail and end up being hacked.

Lessons learned from a WordPress hacking challenge and having your WordPress site hacked.

Wednesday, 9 May 2018

Protect The Square and Buggy Games

TLDR; Some games are not meant to be played, they are meant to be played with.

I recently released “Protect The Square”, which according to my version control system I wrote on 2nd May 2016. I had forgotten about it.

I found it again a few days ago and decided to release it as the technical exploration exercise it was intended for.

Tuesday, 8 May 2018

On CounterString Algorithms

TLDR; Reverse counterstrings are easier to generate. Creating same output forward is harder but might be useful for streaming or files.

I assume everyone has heard of and used CounterStrings. I came across them because James Bach wrote about them and created the perlclip tool to generate them.


Over the years I’ve written a few utilities for generating CounterStrings for a variety of platforms. I had to implement them in Excel once because we weren’t allowed to install any test tools.

Fortunately, with Excel we had VBA and could write anything we wanted.

I’ll describe the steps I’ve taken to create a Predictive Forward CounterString Algorithm.

Friday, 4 May 2018

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuates both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately, both of these environments create a management system that limits the defects that can be raised.

  • when taking part in a BugBounty - functional defects are out of scope.
  • When taking part in a crowdsource testing project - so many defect categories are out of scope
If I was a company outsourcing to these programs, I would view that as a risk.

Thursday, 3 May 2018

The Evil Tester Show - Episode 005 - Rejection

TLDR; Everyone experiences rejection. We need strategies for how we respond to it.

The Evil Tester Show Episode 005 covers the topic of Rejection and strategies of how you can cope with it.

Thursday, 26 April 2018

A Compendium of Testing Apps

TLDR; A Compendium of Testing Apps rebadged, re-packaged, new repository, more apps, including REST API testing.

I bundled up a bunch of web pages into a testing app. I have now restructured the code for that application and added in a REST API Test application as well.

I’ve also moved the code to a new repo to make it easier to download. You can find the “Evil Tester’s Compendium of Testing Apps” at
And download from the releases page

Thursday, 12 April 2018

How to use the Source Code for the Book Automating and Testing a REST API

TLDR; download the source from github, open in IntelliJ and amend the IP address, username and password of the VM installed admin user.

I recently realised that I didn’t have a video showing how to download and use the source code for the book Automating and Testing a REST API

Rectified. Now I do.

How to use Test Practice Pages and Games from Evil Tester

TLDR; download the .jar from github, run from the command line, visit localhost:4567, navigate, play and test.

I have written a lot of apps and games over the years to support my training workshops. Most have been hosted on my web sites. Now you can download them all in one easy to use .jar file.

Thursday, 29 March 2018

How to install cURL on Windows

TLDR; cURL requires an install on Windows, but it isn’t always easy unless you use a one-click installer or Chocolatey.

I remember cURL being easier to install than it currently seems to be. I’ve had a few questions from people working through my book “Automating and Testing a REST API” on who were experiencing difficulties installing cURL on Windows. I documented a few different approaches.

Friday, 23 March 2018

Using the Turnkey Linux VM for Tracks Testing

TLDR; Turnkey linux VM for testing Tracks using network settings Bridged, or Host Only.

I normally use VM Ware, but I create a video showing Turnkey Linux and Virtual Box to help people with the network settings.

Tuesday, 20 March 2018

Automated Execution for Acceptance Testing - Java JUnit FizzBuzz

TLDR; The Tester in me was not satisfied by the TDD of FizzBuzz so I expanded the coverage with some simple acceptance testing modeled by automated @Test methods.

Previously on “Testers TDD” I created a version of FizzBuzz using TDD we now move on to the Acceptance Testing of FizzBuzz, but do we need to?

Sunday, 4 March 2018

TDD - Test Driven Development - Java JUnit FizzBuzz

TLDR; Four JUnit @Test methods to create a FizzBuzz solution using Test Driven Development (TDD) with Java Junit.

TDD Exercise - FizzBuzz

As part of a Sunday Morning practice session I used FizzBuzz as my coding exercise.

I’ve heard that this is used in programming interviews and I so I thought I’d try it.

Friday, 2 March 2018

A practice exploratory testing session - javascript button game

TLDR; Do you practice your testing? One way involves picking a random game and exploiting it.

I decided to record, with commentary, one of my testing practice sessions.

If this proves useful to people then I’ll record more.

Friday, 23 February 2018

Problem Solving as Software Development

TLDR; I can view Problem Solving as Problem Identification, Problem Solution Construction, Solution Evaluation and I can map that on to Software Development to help me communicate in normal language.

I was at the gym and a couple of thoughts came together in my head.

First was the notion that if I want to go meta to what I do in software development testing, then I might view what I’m really involved in as a problem-solving process.

But we know that.

Wednesday, 21 February 2018

Considering a Career in Software Testing?

TLDR; A career in Software Testing is not an ‘easy’ ride, if you are not careful then you can get stuck. But if you work at it then you can make a difference to your company and the community at large.

Are you considering a career in Software Testing? Have you watched videos describing your future job opportunities and the training or roles you have to consider?

Well, this blog post and associated video might help. I’ve distilled my 20+ years of Software Testing and Development experience into some Software Testing Career advice notes.

Tuesday, 16 January 2018

Promoting Evil Tester Talks Conference Talk and Webinar Archive

TLDR; I have an archive of webinars and talks with extra material bundled as a ‘course’.

I updated my “Evil Tester Talks” Online Talk Archive and realised that I hadn’t actually promoted it through my blog. Too busy creating content and writing talks.

But since I just added two talks and one webinar to the archive, it seemed the right time to promote it.

Friday, 12 January 2018

Testability vs Automatability - in theory (Free Bonus Video Inside)

TLDR; Testability is for humans. Automatability (Automatizability) is for applications.

I was doing some research for my upcoming Eurostar webinar and I encountered a few videos and posts of people who were using ‘testability’ to refer to the ability for the application to support automated execution.

I didn’t think that was appropriate. I’d rather distinguish between Testability and Automatizability. The more popular form of Automatizability seems to be Automatability.

Thursday, 4 January 2018

The Evil Tester Show - Episode 004 - New Year 2018

TLDR; Resolutions require resolve. Goals require questioning and testing skills.

The fourth episode. It is available as audio and video covers New Year Resolutions and Asking Effective Questions.

Do you make New Year Resolutions? I set goals that I believe in, then create work plans, and adjust my expectations based on what I do, and I do change my mind based on experience. But I also, use my testing skills to do all of that.