Comments on Tester Tested !: Checkmate heuristic :: A security testing attack
Pradeep Soundararajan (feed updated 2023-09-01T13:36:59.610+05:30)

Pradeep Soundararajan (2009-05-18T13:58:00.000+05:30):
@Santosh,

<I>Nice blog with good content. Can you write about your real time experience regarding automated testing. So that it will be beneficial to candidates who know about automated testing but never tried in real time.</I>

Oh, I have and will.

santosh shinde (2009-05-18T13:56:00.000+05:30):
Hi
Nice blog with good content. Can you write about your real time experience regarding automated testing. So that it will be beneficial to candidates who know about automated testing but never tried in real time.

Pradeep Soundararajan (2009-04-19T14:01:00.000+05:30):
@Anonymous,

<I>Can you elaborate this in more detail - coz I have a serious doubt on the developers' skill - and the architecture of the application if what you said is correct.</I>

Some systems have a feature provided to turn off all auto e-mail notifications. It's similar to a situation where you register on a new website and there is an option for you to switch off all update e-mails to you.

Nothing about developers' skill though, I think. However, being able to allow me to switch off is probably a different kind of problem.

Pradeep Soundararajan (2009-04-19T13:59:00.000+05:30):
@Philk,

<I>Would love to read a follow-up post where you go into more detail on your heuristics on tests that scripted testers avoid.
Very interesting post</I>

Yeah, the comment from Anna made me more conscious of what was running on my mind.

I am hopeful to follow up.

Anonymous (2009-04-19T13:53:00.001+05:30):
I could reset the password of any account by tweaking the variables that the client was using to interact with the server.

- Can you elaborate this in more detail - coz I have a serious doubt on the developers' skill - and the architecture of the application if what you said is correct.

Phil (2009-04-19T13:53:00.000+05:30):
Would love to read a follow-up post where you go into more detail on your heuristics on tests that scripted testers avoid.
Very interesting post

Pradeep Soundararajan (2009-04-19T10:39:00.000+05:30):
@Anna,

<I>Wow. That's an interesting idea - tests that testers avoid scripting. As a scripted tester, that's a blind spot that I hadn't really considered before.</I>

Also, there are way too many blind spots for a scripted tester.

For instance, if you are using Gmail, and I ask you, "What is there on the right bottom of the screen when you logon to Gmail?", what's your answer?

I see scripted testers are finding stars through a telescope and that's a bad idea of finding many stars.

An investigation might need a telescope.

Ashwin Palaparthi (2009-04-19T09:31:00.000+05:30):
A good use-case of testers tested by someone.

Investigation followed by "abuse" cases is the real way to find (and exploit) the vulnerabilities, and there is only a very tiny percentage of scripted test suites that cover such abuse cases.

Ashwin Palaparthi,
apalaparthi.blogspot.com

Anna (2009-04-19T06:08:00.000+05:30):
Wow. That's an interesting idea - tests that testers avoid scripting. As a scripted tester, that's a blind spot that I hadn't really considered before.

I wrote a <A HREF="http://www.softwaretestingclub.com/forum/topics/ouch-just-got-poked-in-a-blind" REL="nofollow">post</A> over in the Software Testing Club about it.

Pradeep Soundararajan (2009-04-19T00:13:00.000+05:30):
<I>what was going on in your head when you found "about 14 potential problems in about 5 hours. On the 6th hour I found 2 more security problems" that ~50 people that tested before you missed out. What was your thought process or the approach that led you to these bugs?</I>

A number of heuristics and oracles constantly run in my mind with a focus on the coverage I am able to achieve. I probably think that was one of the things going on.

Another thing is, having been a scripted tester and having burned my hands on it, I make guesses of what kind of test cases testers will avoid writing and those form a set of heuristics for me.

So, those are some of the things that I can remember.

Anonymous (2009-04-18T23:44:00.000+05:30):
Great work Pradeep! what was going on in your head when you found "about 14 potential problems in about 5 hours. On the 6th hour I found 2 more security problems" that ~50 people that tested before you missed out. What was your thought process or the approach that led you to these bugs?