No matter how much you probe people who are successful they won't tell you some secrets - not because they don't want to tell you but because they don't all the time recognize the smallest most ignored thing they did great were the secrets.
To me, when people talk about testing skills, they often leave out writing skill. They don't recognize it. Even if they do - there are several forms and forums where testers write and their writing has to vary accordingly to help them influence the project and decisions. Most of us know about bug reporting writing. I don't know of many people who give importance to emailing skill but I attribute emailing skills to be a major contributor to my success so far. In Moolya, we have emailing skill training to everybody and we constantly review good bad and ugly emails to help our folks be better than some of us. At all levels, we keep reporting bad practices on email. Parimala has even used some of my emails to show bad examples in signature section in emails and why it matters to have a signature that helps people reach you when needed.
I was looking into some emails and found a consulting assignment email that I had sent to a client I worked for in 2009 and thought it would be a good idea to put it up for the world. When Parimala reviewed the emails she thought it was brilliant and finally has something to show to testers in Moolya from on the good example side. I asked if I should publish this on my blog and she instantly liked the idea. So, here it goes:
The way I email daily updates is, I go to the previous sent email and send it as a reply to all adding the current day's update. So, if you were to receive a day 12 report, scrolling down, you will see all other day updates. I don't want to give extra gyaan but whatever you can take away from the below email, take it.
Product information, people name, customer names and other confidential information have been changed to not breach the NDA I signed with them.
Day 14:
•
I
couldn't sleep yesterday night after finding those issues. I was excited and
continued testing till about 2 AM from the guest house.
•
Its
pretty exciting to be finding these issues and hoping its of value to you.
•
I
discovered yesterday that Firefox, the application we allow itself is a culprit
that can help users bypass the security. Just launch firefox, type c:\ in the
address bar, enter, you have access. No policy blocks.
•
The
other important issue that I have reported includes user being able to change
the settings of McAfee virus scan itself. I was able to exclude my desktop to
be scanned, downloaded a test virus and it resided without being cleaned or
deleted. I could initiate a scan of registry entries, folders.
•
By
this, I have kind of violated almost all policies set.
Tomorrow,
•
Will be
end of the contract day
•
I am
hoping to report a few more issues that I have been investigating today.
•
I
shall publish to you my test strategy, test coverage, analysis,
suggestions, experience report. As this would take some time to do it, I may
send this early next week.
Thanks,
-- Pradeep
Soundararajan
Day 13
•
Continuing
the investigations on Deskpro, I figured out more vulnerability today. These
are even more serious ones than yesterday's reports.
•
I have access
to all drives now C:\ Q:\ F:\ this time not over command prompt but through
7Zip
•
I could write
into these drives. I have left a file C:\TRU\ called pradeephackedthis.txt
•
I could copy
all visible data to me to my local folders
•
I could view
individual user accounts, settings, what they have on their desktop, what they
have browsed, what cookies are set on their system.
•
I can go write
a cookie into their system and steal all data without their knowledge.
•
I could
install applications into their login. For instance, I put a zip file into
Startup folder of users that when opened contains about 50 MB of data in it.
There is a way to deny users with space.
•
Even if a user
discovers it by accident, rest is going to be excitement for him and
disappointment for us.
•
I could
initiate an install of applications with no restrictions from the GUI itself.
In fact I did end up reinstalling Tomcat.
•
I feel like a
super admin without needing the password or login for it.
•
The thing to
note is: The policy did block me but not all times.
•
There are
other basic functional issues as well that will be reported.
•
These
issues will be reported in Jira tomorrow with necessary screenshots and further
investigation
Thanks,
-- Pradeep
Soundararajan
Day 12:
•
I
continued testing on Deskpro focusing on functional & security issues
•
Users email
ids, login ids can be accessed: this is privacy policy violations. Customers
may sue for privacy violation.
•
Lots of open
source software for windows desktop are bundled in zip file, when downloaded,
all exe run inside zip despite policy restrictions
•
Command prompt
clones run and allow access to C:\ drive
•
I could write
files in C:\Windows & C:\Program Files & System32 folders
•
I could see
the admin policy settings
•
Apart from
these, I have installed software in C:\Program Files which reflects in not just
my account but all users connecting to SRIVER11.
•
So, if 50
users are installing 10 applications, every user may see 500 applications
installed in his login
Tomorrow:
•
Continue
testing Deskpro / Mutro
•
Investigate
and report issues found today in Jira
Thanks,
-- Pradeep
Soundararajan
Hi All,
Greetings!
Hope you had a great weekend and having a good week ahead.
Day 11:
•
The
netbook I had where I was able to delete the Bravo folder had some issues even
after reflashing it. So, about half of the day was spent on waiting
that I'd get the netbook in the next 15 minutes. My mistake, should have gone
immediately to Deskpro from nLive.
•
Post
afternoon, I started testing Deskpro from nLive and found some critical issues
related to privacy of registered users. I could get access to all thousands of
registered users of entire network and their email ids.
•
Beyond
that, I could install applications and it gets reflected in other people's
account as I was able to install it in the C:\Program Files of SRIVER11. So,
when logged in with admin privileges from R account, he could get the
applications I have installed. This is again, in my opinion, something
critical.
•
Apart from
these I have reported a few functional and Usability related issues.
•
I am
hoping to get the netbook again tomorrow, even otherwise I have Deskpro through
nLive.
•
As a side
note, I had some amazing discussion with Architect & insights about Mutro, Deskpro
& iDrive.
Thanks,
-- Pradeep
Soundararajan
Hi All,
Day 9:
•
QA Review
meeting: Thank you for briefing me on what you want me to focus on going
forward. This was important for me to be of value to you.
•
Focus is
on functional problems for 2.0 October release.
•
Prior to
this & post the meeting, I have reported the functional issues I could find
on Mutro
Day 10:
•
Testing
for functional problems and user based scenario problems on Mutro + iDrive
•
Reported a
couple of issues on functionality.
•
Reported a
blocked where after successfully launching iDrive I could move the /home/Bravo
folder to trash, making all applications in Mutro to fail.
•
I have
reported about 19 issues over the last two days and most of them being functionality
related.
Week 3:
•
Focus on
Functionality of iDrive, Mutro and Deskpro
•
Find as
many important problems as possible and report all of them
•
Touch base
with Architect and team on a constant basis.
Thanks,
Hi All,
Today:
•
Worked
entirely on netbook
•
Got the
test login from Admin Personnel for Server 2008 and explored on it for an hour.
•
Covered
areas: toolbar options, zones, user scenarios
•
Found
issues related to Usability, Functionality & User expectation violation
•
Reported
most of the issues confirmed on Jira
•
Rest of
the issues that need investigation shall be reported tomorrow.
Tomorrow:
•
Focus of testing
Mutro shall continue
•
Have asked
Admin Personnel for a few policy changes that would bring Deskpro closer to
what the users might be using it in future to continue my tests on it.
•
QA
Progress meeting with PM, TL, Architect & Admin Personnel
•
Shall be leaving
office in the afternoon
Thanks,
-- Pradeep
Soundararajan
Resending
the same with updated Subject line (Day 7 instead of Day 6 as
per previous email). Sorry.
Hi All,
What I
loved:
•
I loved
the idea of showing what's happening within each zone in the preview mode. For
instance I initiated Deskpro and before it completely launched I opened a new
zone and went to My Zones, I could see what was opening / happening inside Deskpro
in the thumbnail view.
•
That is a
real cool feature to provide to the user especially when you allow them to
preview multiple zones.
Today:
•
I spent
time investigating some of the issues I had found yesterday
•
I did get
Netbook and my testing focus is Mutro / Deskpro on Netbook
•
I reported
issues found on Mutro (Netbook) to Jira
• Dev
2 & I had a bug triage meeting scheduled and this shall be a daily activity
from today. We discussed and scrubbed the issues reported. This activity is
definitely helpful.
•
I also did
test Welcome Bravo on Deskpro launched from nLive and shall investigate the
same on Netbook before logging it in Jira.
•
Some more
security issues to be reported for Infra team
•
Had a
lunch meeting with Admin Personnel on Infrastructure related issues. I learnt
that migration will happen to Windows Server 2008. Admin Personnel communicated
that he would give me a test login that should help me identify risks and
re-test security for Server 2008.
Tomorrow:
•
Wider
& Deeper coverage of Mutro on Netbook with focus towards any kind of issues
that might impact the business or user experience.
Thanks,
-- Pradeep
Soundararajan
Hi All,
Today:
•
As said in
Day5 report, I started with reporting the issues I had found on Friday which
consumed 1/3rd of the time in day.
•
The
netbook had some issues and later was being fixed by Dev 2 so I still haven't
started testing on it but the good thing is I didn't keep mum.
•
I
continued testing Deskpro from my own laptop this time.
•
I
continued performing security & functional tests and found a bunch of
issues again which would go to Jira soon.
Strategy
suggestion:
•
Today's
testing revealed some more security issues related to Deskpro. I could traverse
to get through the Scheduled tasks set on Sriver 11 and could set tasks of my
own. For instance, I could see "Orphan Port Delete" scheduled task
and its frequency.
•
I could
get an option to look at the Windows Terminal Network which is connected to the
Sriver11 although I couldn't see beyond Sriver11 on it.
•
I could
access Microsoft Outlook on Sriver11, set accounts on it or send and recieve
emails.
•
I feel, I
have found enough security issues to help the teams rethink about the policies,
firewall and system settings.
•
Otherwise
it would be same kind of information over loaded.
•
I think I
should focus on other quality criteria henceforth - Functionality & Usability
with less focus on Security.
•
That way,
I can be of more value to you.
•
I am open
to suggestions from you though.
Tomorrow:
•
Report
issues found today with screenshots
•
Should be
getting the netbook and testing Mutro & Deskpro from that.
•
Test for Usability
& Functionality
Thanks,
Hi All,
Friday:
•
The report
I had to send on Friday evening is what I am sending now.
Progress:
•
Was
covering User Experience Testing of Mutro on Cloudbox
•
Found
issues related to User Experience & Flows that users are more likely to hit
upon
•
Focus then
shifted to Penetration testing on Deskpro
•
Some of
the cool security issues were uncovered such as there are competing anti
spyware programs that can be installed which gives us access to kill McAfee and
take much more control over the system.
•
I could
uninstall Winamp, see the process running on SRIVER11, kill some of them, run a
Spyware scan and so forth.
•
Rest
assured, these are going to Jira today.
Today,
•
I shall be
reporting the issues found on Friday into Jira
•
I should
start testing Mutro & Deskpro from Netbook
•
Most
testing from now on would be from the Netbook
•
Focus
remains on User Experience & Security
Thanks,
-- Pradeep
Soundararajan
Hi
All,
Greetings!
Today:
•
Today
started off with a meeting with Tester where he showed me the testing he and PM
had done on Mutro which gave rise to a few more ideas and scenarios for me.
•
I
continued to test on Cloud PC for a while tell Dev 2 came in and we decided to
move to the latest version ( I was testing on RC3 )
•
Post TL
and Dev 2 meeting we decided that the issues I report would be considered for
fixing post the Customer X/CUSTOMER Y release.
•
The
upgrade on cloud PC had some issues so instead of watching it get upgraded, I
started picking up the issues I found yesterday, investigated and reported
them.
•
I was on
the catch up call with CEO, TL and Dev 2.
•
CEO set
the goal for Black Box User Perspective Testing on Mutro
•
I also
continue to add on to my list of the kinds of test coverage we need to be able
to achieve a wider and deeper testing.
•
At about 6
PM my laptop broke (physically), I have now had a temporary fix to it which can
help me continue tomorrow without any significant issues. [ pretty childish? :)
]
Tomorrow:
•
I start
testing Mutro from Tablet PC than Cloudbox
•
I shall
continue to report issues as and when I find.
•
I shall
log the security issues under the about to be created Security section in Jira
Help &
Support:
•
Joining
you people mid way through your journey of Cloudbox and new customer requests,
I am not the best person to be able to judge the priority of the bug, so I
request the help of respective module leads to take a look at the bug reports
at the end of the day and change its priority accordingly.
•
I was
under the impression that I was reporting the severity of the problem and not
the priority because it is only you who understand the business layer who can
set it.
•
So, I
would continue to report issues with my limited judgement and I shall rely on
module leads to change the severity and priority for the issues I report.
•
From my
end, I shall ensure I provide as much evidence as possible to the bugs I
report.
Thanks for
your time and patience that I value,
-- Pradeep Soundararajan
Hi All,
Greetings!
•
I got
access to Mutro today
•
Half of my
time was spent on learning & exploring Mutro & Deskpro through Mutro (
which is towards release 2.0, correct me if I am wrong )
Today
•
I reported
a few issues in Jira & shall start reporting issues to respective projects
henceforth.
•
I found
issues that breach the security policies which I shall be reporting tomorrow
morning into Jira as I am on the final leg of investigation. Issues such as
Bravocentre.exe and Welcome_tillSep08.exe can be copied and transported over
internet and disassembled.
•
TL brought
to my attention of a release being made to Customer X / CUSTOMER Y next week
and set a goal to find issues of Mutro from users perspective of usage that can
be passed to Dev 2 ( did I spell it wrong? )
•
I have
attached the issues I found so far as a text file to this email ( Not to worry
- these will be going to Jira ) and I am set to uncover more such issues
tomorrow.
•
As a side
note: I am dealing with opportunity cost of finding issues versus reporting
them. One takes away time from another.
•
I am
making a list of things to be covered for testing of Mutro as and when I use
it.
Tomorrow's
plan:
•
Continue
testing Mutro and Deskpro for Functional, Usability & Security issues
•
Report
bugs in Jira
•
Sit with Dev
2 once he is back and unlearn things I might have incorrectly learnt about Mutro
Thanks,
-- Pradeep
Soundararajan
Hi All,
Greetings!
•
Mixed day (
No power for first 2 hours and then intermittent day coupled with
some good issues )
•
You would
discover that I am emailing from Bravo id, so I got it and Jira access too.
•
I am
reporting issues in Jira under QA & Testing
Today:
•
Used the
no electricity time to interact with Admin Personnel and understand the
infrastructure and security of the Bravo cloud a little deeper
•
Used the
tea break to discuss with Marketing & Sales team about existing issues.
•
I have
planned to do a paired testing approach with Marketing and Admin Personnel
individually to be able to identify more issues.
•
Post TL's
meeting with CEO, I learnt the focus doesn't need to be on Live as of now and
is on Cloudbox & Deskpro or 2.0 release if I may say so.
•
Post
discussion with Marketing, I identified I would also need a Data card
connection to be able to test from a typical wireless access modelling real
user scenario.
•
TL is
going to help me get a Cloudbox tomorrow and that would also be a part of my
testing from tomorrow.
•
Read the Bravo
Blog
Issues:
•
I have
reported about 10 issues in Jira as of today coupled with testing performed.
•
Some
issues from yesterday's investigation and some with todays. I am covering
security and purpose hand in hand while learning more about the product.
Tomorrow:
•
Waiting to
get my hands on the Cloudbox & continue to increase the test coverage
Thanks for
your time so far,
-- Pradeep
Soundararajan
7 comments:
There are many things I loved about this email chain:
1. Gives a transparent view into a tester's schedule/work on any particular day
2. Express emotions clearly - which help the stakeholders rethink about some bugs
3. Bonding with the team - during coffee, no electricity time and laptop damage time. Demonstrates commitment to work
4. Expressing pain when there is a deviation in mission and quickly recovering from it
5. Reporting bugs with detailed investigation and asking for extra time if needed
6. Highlighting Opportunity Cost
7. Highlighting Value of Testing
In short, this email demonstrates a very high standard of professionalism that every tester must posess!
Btw, I read this email 6 times until now :)
Kudos Pradeep.
Regards,
Parimala Hariprasad
Many thanks Pari. You got me to publish this with the comments you made before I published it. Glad, they are consistent before and after I publish :)
Brave and Bold Attempt Pradeep! Thanks to Parimala for this.
Express emotions clearly..,
It sounds well.. :)
This is a great challenge to narrate a mail while after found bundle of bugs..,
However a Good Tester perform as Good in Hard times too..,
Am on the way i think.., :)
Thank you Mr.Pradeep Soundararajan., Am reading your post again and again to reach my way sooooon :)
Happy Testing :) Happy Day :)
This is cool!
I am going to copy most of the things from here.
Hello Pradeep Sir,
I have just started my career as a Tester and I am really happy that I came across your blogs. Your writing, teachings truly inspires and helps to think and do better. You are doing great for Indian testing industry.
Post a Comment