Saturday, April 18, 2009

Checkmate heuristic :: A security testing attack

Five times over the last six months, someone has considered hiring me before making a release decision or after getting skeptical about scripted tests.

Amidst recessionary times, someone considered outsourcing some testing work to me from the United States. An advanced version of the product was slated for a release in the next couple of days. The United States company had outsourced development and testing work to a Structured Fancy Name Process Following Disciples company who had run thousands of tests over it and had achieved a >98% test case pass rate, a week before today.

Someone in the United States company thought they'd like some Exploratory Testing and I got the opportunity to lay my hands on it to perform Rapid Testing on it. The charter for me was to report any security-related threats and usability problems.

I found about 14 potential problems in about 5 hours. In the 6th hour I found 2 more security problems:
  • I could reset the password of any account by tweaking the variables that the client was using to interact with the server.
  • I could stop auto e-mailers reaching any registered mail account in a similar manner as above.
I then tried to reset the password of the dummy account I was using. No e-mail reached me. I then thought, "How about reset of admin account?" and then did the same.

The password was reset and no e-mail reached the admin, as auto e-mailers were stopped. So, I asked the admin of the United States company to log in with his credentials and the response was a pleasant, "What did you do and how did you do that?"

Subsequently, all other users were blocked. Only the admin could release the lock, but the admin could not log in to the system. There were 2 hours of outage until someone got into the database to recover the admin account.
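The two problems listed above (the reset request naming the target account, and a client-controlled flag deciding whether the confirmation mail goes out) are shown here as an added example that is not from the post or the product it describes: a minimal Python reset handler with the defect beside a hardened form. The store, handler names and account data are constructed assumptions.

```python
import hashlib
import hmac

def hash_pw(password):
    # Hypothetical helper; a real system would use a slow KDF (bcrypt, Argon2)
    return hashlib.sha256(password.encode()).hexdigest()

def make_store():
    """Constructed in-memory stand-in for the database, sessions and mailer."""
    return {
        "users": {
            "alice": {"pw": hash_pw("alice-pass"), "email": "alice@example.test"},
            "admin": {"pw": hash_pw("admin-pass"), "email": "admin@example.test"},
        },
        "sessions": {"sess-alice": "alice"},  # session id -> logged-in account
        "outbox": [],                         # mails the server "sent"
    }

def vulnerable_reset(store, params):
    """Defect: the target account and the notify flag are both read from the
    request, so tampering with them resets any account and silences the mail."""
    user = store["users"].get(params.get("account"))
    if user is None:
        return "no such account"
    user["pw"] = hash_pw(params["new_password"])
    if params.get("notify", "1") == "1":  # the client decides whether mail goes out
        store["outbox"].append((user["email"], "Your password was changed"))
    return "ok"

def hardened_reset(store, params):
    """Fix: the account is resolved from the server-side session, the caller
    must prove the current password, and the notification is unconditional."""
    account = store["sessions"].get(params.get("session"))
    if account is None:
        return "not authenticated"
    user = store["users"][account]
    supplied = hash_pw(params.get("current_password", ""))
    if not hmac.compare_digest(supplied, user["pw"]):
        return "bad current password"
    user["pw"] = hash_pw(params["new_password"])
    store["outbox"].append((user["email"], "Your password was changed"))
    return "ok"
```

The vulnerable handler accepts `account=admin&notify=0` from anyone; the hardened one ignores both fields, so a request can only change the caller's own password and the owner is always told.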

You write a lengthy email, hit the submit button and the application prompts for your Username and Password. You enter them and it says, "Incorrect Username or Password". You attempt to reset your own password but the email does not reach you.


Sunday, April 12, 2009

Bangalore Workshop on Software Testing - BWST - 1

I interact with the Western world as much as I interact with the Eastern part. One of the things that the Western world does well that the Eastern part does not even do (significantly) is Peer Workshops. When I funded myself to be at the CAST 08 conference, the Toronto Workshop on Software Testing (TWST08) was a huge bonus for me. Thanks to Fiona Charles and Michael Bolton for allowing me to participate in it.

My first day at Toronto, Canada started in TWST08 even before I could get over the jet lag. I found that the Workshop was a great way to overcome jet lag. What I learned from TWST is still resonating in me and is of great help to my career.

I can't afford to fund myself to attend such peer workshops every year, but I can definitely afford to participate in ones that happen in India. I tried to make a testers' meet happen in Bangalore when Michael Bolton was around here last time and it did not gain momentum after the first meet. I am forced to think that people turned up to hear Michael Bolton and they would turn up again when he's back. Prove me wrong.

Since then I have been on a constant lookout to meet people who would turn up for learning and I have found a couple of them. I am also aware that there could be more people and that's why I am blogging about it.

There were lots of informal meets between Ajay, Manoj, Shrini, Rahul Verma, Vipul Kocher, Dhanashekaran, myself, etc. and we did keep craving for more such things to happen. I think India can't afford to wait more to get started with Peer Workshops and this is an announcement for the same.

Mohan Panguluri, COO of Edista Testing Institute, who was awarded for his Thought Leadership in Software Testing in 2008, has opened up Edista's office premises for this Workshop. He has vowed to provide space to all future BWST workshops. Thanks a lot Mohan. You are setting a great example for other CXOs to follow.

Theme of BWST - 1 : Changing the way people test and think about testing
May 2nd, 2009

I believe that the first testing assignment that anyone did was handled pretty badly by them as compared to what they might be doing after a couple of years. However, growth stops at some point for many testers and only a handful make it to be really good testers. Those who turn out to be really good testers constantly kept changing themselves as they learnt new things, and those who turn out to be bad were the ones who hardly changed. In India, we know, some of us struggle to change the environment around us to learn as much as we do. Similarly, there are people who, without much struggle, get the environment around them to feel happy without any learning.

So, you could have changed your way of testing or others' way of testing, or you could have been resistant to change. Send in a (one page) abstract of the experience report that you wish to present at the first Bangalore Workshop on Software Testing by 18 April, 2009 and you will be informed if your talk is accepted for presentation. Failure stories are more inspirational than the success ones. I hope everyone has plenty of both kinds.

The maximum is 10 (maybe 15 if pressure builds) participants for the first BWST, and hence if you plan to attend, remember that we work on a first come, first served basis. So, send in the abstract of the experience report that you wish to present and keep the theme in mind when you do that.

Handbook: Please refer to the LAWST Handbook; those parts that can apply to our context will. We are flexible in changing things based on our first few Workshops.

Note: This isn't open only to testers from Bangalore. Anyone's welcome.

Also, you can start your own set of peer workshops anywhere in India (or anywhere in the world) and no one is going to stop you. When you start, kindly let me know about it in advance so that I can plan to be there, learning from you all.

Email ID to send in your abstracts: banwost [ at symbol ] gmail.com, and we will have our own website soon. By May 19th, I will post an update on this and that's how we proceed. Are you going to remain silent? Are you going to change?

Wednesday, April 08, 2009

Change in hiring and interviewing process in India for software testing and software testers

I claim to be one of the most experienced and most affected testers in the context of interviews in India, and here (in this link) is more information about it. After going through that link or this video you would know that I have been struggling to not see another Pradeep Soundararajan in the job market who is frustrated with this industry's idea of interviewing. Edista Testing Institute (my client and partner) is constantly pushing towards seeing a better testing community and that's why I chose to work with them.

I consider the following as one of my biggest contributions to the change the industry needs. Most training institutes in India (even the so-called highly reputed ones) have people who don't know how to test, teaching testing by running a thousand slides. I think they have so many slides that if you run 25 slides a second to watch it like a movie, it still runs for about 2 hours. Such slides have always caused an avalanche slide of many victims' careers, knowledge and skills.

Edista started to redefine things by hiring me and then allowing me to hire Manoj and then Sharath and then now more people. The last I heard from Manoj is that testers who were interacting with him are now excited about what Manoj is doing and are enquiring what it takes to be able to get skilled in testing.

You might also discover that Manoj has started to publish his practice sessions on testing in his blog.

We sit together, test, learn from each other, create exercises, practice pair testing, discover new tools, debate ideas, think about more heuristics, brainstorm test ideas, discuss bugs, run a test club (like the movie Fight Club), teach people how to learn and then how to test. We are never away from testing and we are never away from anything about testing.

We aren't skeptical about the fact that there could be more people like us and, who knows, they might be interested in joining us. So here goes the job posting for the same: (I have posted this on LinkedIn and other communities as well; please feel free to share this job posting with all other Indian testers)

Consultants in Software Testing and Software Test Education :: Bangalore
Edista Testing Institute (www.edistatesting.com) has a couple of openings for Consultants in Software Testing and Test Education.

It wouldn't be wrong if I say they are looking for people who have the urge to be heroes in software testing. This role demands you to train (yourself and others), collaborate with the ongoing research activities, test products, learn and innovate.

This role also demands you to grow to an extent to be able to contribute valuable things to the testing community and work for its betterment.

About your co-workers:

You would work with skilled testers and brains who constantly engage in learning activities, blogging, discussions, teaching, mentoring, challenging and arguing online in testing forums (like www.testrepublic.com) and offline, and reinvent the art of reinventing things in testing.

If you think you wanted to be a hero (or heroine) in software testing and never got the opportunity, here it is.

We'd be glad if you have worked as a tester for a while (at least 2 - 5 years) and also be glad if you are willing to travel within India (or abroad) on short term assignments.

We would prefer that you have a degree in Engineering or Science; however, if you don't have one but have a demonstrated ability for good thinking, we'd be fine.

Interview Process:

Our interview process is a cut above all other organizations that neighbor us. We put you in the tester's seat, give you time to test a product and have a discussion of your testing based on the report you produce.

We aren't too bothered if you don't know the difference between Sanity testing and Smoke testing because we believe knowing the difference (even if it exists) doesn't make a huge difference.

We aren't bothered whether you have a certification in Software Testing or not, as long as you are passionate, skilled in testing, and have the fire and fuel to take you a long way. In simpler words, it *doesn't matter* if you don't have ISTQB, ISEB or CSTE certifications.

About Edista:


Time to join:

Immediate is preferred. A little delay is fine if you are stuck somewhere.

Send your profile to: resume@edistatesting.com

If you can crunch your profile in one page, we'd silently thank you for that.

The results so far:

  • We invited about 7 candidates so far who claimed to have energy, passion and demonstrable testing skills.
  • We are seeing great benefits of this approach.
  • It makes us spend 3 minutes (after a person has finished the test and generated a report) to know whether the claims a tester has made in his profile are false, and a little bit about the organization that said, "Yeah, he can test".
  • We spoke only to one person in depth as his report was quite interesting.
  • We know that we can filter more candidates in the lesser time we have and get better ones to work with.
  • It would be dangerous to get a person who can't test and report credibly into any organization that wants to hire testers.
  • Those who fake testing experience fear to even apply, or even if they do and by our oversight we invite them for the testing session, we don't need to spend time beyond 3 minutes post their test.
Testers have to be tested on their testing skills and not on memorization skill. The best test (based on the current situation) you could give a tester during an interview is to make him sit at a computer and ask him to test a piece of software, giving a meaningful mission and time to do it.

