Most of the time, developers tend to forget some of the most important and crucial facts about the application. What are they? Well, implementing a quality product does not just mean that it gives the output expected from the Acceptance Criteria.
The first question that should come to their mind is, “Is my code secure, and is my application secure?” And that’s where we come in as QA analysts, to think outside the box. Software testers love to think outside the box when there is something suspicious in the code.
The common mistakes developers tend to make are:
- Allowing special characters in some of the most common fields, like username, first name and last name, which makes a hacker’s life easy for cross-site scripting.
- Password fields that are not strong and secure enough, so hackers try SQL injection to log in to the application.
- When I create an account and can see that the new account is created with a “GET” request, perhaps I can use different actions to change the password or other information.
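The SQL injection item above can be turned into a negative test that goes beyond the acceptance criteria. This is an added example, not code from the original post: the table, the account `alice` and the function names are assumptions made for illustration, and the sample data is constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # Plaintext password is a simplification; real systems store a hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    # The mistake: user input is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # The fix: placeholders keep the input as data, never as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# Inputs the acceptance criteria never mention but a tester should try.
NEGATIVE_PASSWORDS = ["' OR '1'='1", "wrong", ""]

def run_negative_tests(login):
    # Returns every negative input that wrongly logged in as alice.
    db = make_db()
    return [p for p in NEGATIVE_PASSWORDS if login(db, "alice", p)]

if __name__ == "__main__":
    print("concatenated  :", run_negative_tests(login_concatenated))
    print("parameterized :", run_negative_tests(login_parameterized))
```

Both versions pass the "valid user can log in" acceptance test; only the negative inputs show the difference.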
Take a look at James Bach’s example:
How do you test this?
“The system shall operate at an input voltage range of nominal 100 – 250 VAC”
So the developer implements the above requirement just to check that the system operates with an input voltage in the range of 100 – 250 VAC. But wait a minute, do you observe something here? What if I test with an input voltage of 90 VAC? What should happen, and what can be the biggest risk?
Ah! This is where testers are one step ahead of developers. Developers implement what is provided to them; testers observe, find the missing requirement and test it.
James mentioned in one of his videos: “We don’t like to test beyond the requirement but we love to test what is missing in the requirement”
Most of the time, management avoids such small things because they are either out of scope or over budget, but for us they are within scope, no matter how much time we spend playing around with the application. We are here to discover and protect the application. We are not in the belief business; rather, we are in the observation business.
A small message for all QA analysts: do not spend your time testing only what has been told or mentioned to you. Instead, spend time understanding how the software has been developed and how you can protect it by thinking outside the box. That will happen only if you practice, practice, practice, and not just read, read and read. If you are a TESTER, be proud of it, because we discover many new things; if you are a DEVELOPER, you slog time and again on the same thing to implement it umpteen times.