The document discusses improving technical testing abilities through various concepts such as testability, requisite variety, and continuous learning. It emphasizes the importance of modeling, observation, manipulation, interrogation, and reflection in understanding systems and enhancing testing effectiveness. Additionally, it provides practical tools and techniques for exploring and testing web applications, underscoring the significance of developing one's own models and knowledge in the testing process.

1. Alan Richardson
“How to
Improve your
Technical Test
Ability”
EvilTester.com
SeleniumSimplified.com
JavaForTesters.com
@EvilTester

2. @EvilTester 2

3. @EvilTester 3
What is Testability?
Expanding the requisite
variety of the system to
support testing beyond
that required by the user
https://www.jasondavies.com/wordcloud/#

4. @EvilTester 4
Requisite Variety
Stafford Beer on Variety:
"the total number of possible states of a system,
or of an element of a system"
● Ross Ashby “Only variety can destroy variety”
● Stafford Beer “Only variety can absorb variety”
https://www.youtube.com/watch?v=bDRudRhNgy4

5. @EvilTester 5
Test Ability

6. @EvilTester 6
What is Technical Testing?

7. @EvilTester 7
A reminder to go deeper
● Am I testing at the deep structures of the
system?
● Do I use technical risk to inform my testing?

8. @EvilTester 8
Limiting Beliefs

9. @EvilTester 9
If you choose not to
do the work...
● You will be limited in what you can test
● You will rely on technical people on your
team

10. @EvilTester 10
Our Technical World
Changes All The Time
tagcrowd.com

11. @EvilTester 11
Being Technical
requires constant
learning of new stuff

12. @EvilTester 12
It's hard work
So take it in in small chunks
● What technology do you work with?
● What tools do you use?
● What programming languages?
● What limits your testing?

13. @EvilTester 13
Why do the
work?

14. @EvilTester 14
Why do the work?

15. @EvilTester 15
No, really. Why?
● To test the system more deeply
● Increase more variety into your testing
● Find errors that have escaped notice
● Improve your technical skills and knowledge
● Work more closely with developers
● Find security issues early
● Improve your testing

16. @EvilTester 16
At long
last, the
Secrets of
Technical
Testing are
Finally
Revealed

17. @EvilTester 17
Modelling
“We are powerfully imprisoned in
these Dark Ages simply by the
terms in which we have been
conditioned to think.”
Buckminster Fuller,
Cosmography
http://buckyworld.me/best-bucky-books/

18. @EvilTester 18
Modelling
● Collate your current terms and maps
● Model what you know
● Informal models
– lists of stuff,
– mind map brain dumps
● Research and experiment to expand the
models

19. @EvilTester 19
An early model
Server
EvilTester.com

20. @EvilTester 20
Expand the Browser
Model
Server
JavaScript, CSS,
DOM, Browser
Plugins, Dev
Tools, HTML,
HTML5, Images,
Dynamic HTML,
Async JavaScript,
Local Storage,
Cookies,
Cache, ...
Pick a Few to Start Working
With and Investigate

21. @EvilTester 21
Expand the Message
Model
Server
HTTP, Headers,
Authentication,
TCP/IP, Proxies,
Encoding, HTTP
Verbs,
Responses,
Response Codes
Pick a Few to Start Working
With and Investigate

22. @EvilTester 22
Modelling
“...the prescription for action is
not difficult to understand. First of
all, we need better models of the
components...”
Stafford Beer,
Designing Freedom
http://www.scio.org.uk/node/12

23. @EvilTester 23
Explore the Models
● How can I Observe that?
– What JavaScript files are used?
● How can I Interrogate that?
– What CSS is applied there?
● How can I Manipulate that?
– How can I change the HTTP
message sent?
– How can I change the HTTP
status code received?
These questions
help you identify
tools to use

24. @EvilTester 24
We could use tool capabilities
to expand our models
● Browser Developer Tools:
– Chrome, Firefox, IE, Safari
● HTTP Debug Proxies:
– Fiddler, Charles, Owasp ZAP, BurpSuite
● Plugins:
– FoxyProxy
● Network Sniffers:
– WireShark

25. @EvilTester 25
Observation in Browser
● DOM Rendering
– using a browser
– different browsers
– Change size of window to
check css resizing
– Mobile Device Simulation

26. @EvilTester 26
Observation in Browser
● Can we observe the HTML?

27. @EvilTester 27
Observation in Browser
● How else can we observe the HTML?

28. @EvilTester 28
Manipulation in Browser
● Can I change the HTML?

29. @EvilTester 29
Observation in Browser
● What else can I observe? Traffic?

30. @EvilTester 30
Interrogation in Browser
● Can I see that request in detail?

31. @EvilTester 31
Observation in Browser
● What else can I see?
I can set
breakpoints
too
I can see
the running
code and
variables

32. @EvilTester 32
Observation in Browser
JavaScript level
performance
and profiling

33. @EvilTester 33
Mobile Testing Hints

34. @EvilTester 34
Why Observe?
● Stare in amazement as you see things you've
never seen before
● Use your Google-Fu to investigate this set of
unknown data with online searches
● The more you understand, the richer your
model becomes, and the more you will spot

35. @EvilTester 35
Why Manipulate?
● Change the DOM to explore boundaries the
GUI doesn't normally let you
● Enter values to explore the backend validation
rules
● Get rid of form elements to explore error
conditions

36. @EvilTester 36
Fill in gaps in my model
Server
All of previous
stuff lives here
How can I do
that here?

37. @EvilTester 37
Observation of HTTP Traffic
Dear Google,
How can I
observe HTTP
traffic?
Yours,
Alan
Hi Al an,
Check t hi s
l ot out .
Love,
Googl e

38. @EvilTester 38
Proxies
Server
Fiddler,
Charles,
BurpSuite,
Owasp ZAP
Proxy
FoxyProxy
Browser Plugin

39. @EvilTester 39
Proxies
Server
Proxy
● Repeat Requests (Amended)
● Create New Requests
● Automatically Amend Requests
● Fuzz Requests
● Breakpoint and Amend Requests
● Observe Traffic
● Export for later analysis
● Passively Scan for Security Issues
● Amend Responses
● Simulate Server Errors
● Simulate Slow Networks
● Supply Different Responses e.g. CSS, JS

40. @EvilTester 40
Chaining Proxies
Fiddler BurpSuite
Server
● Site Map
● Fuzzers
● Advanced
Breakpoints
● Easy Config
● Insitu Scripting
● Simple
Breakpoints
● Auto-responders

41. @EvilTester 41
More Mobile Testing Hints
Mobile
Device
Hardware
WiFi
HotSpot
ZAP Proxy
Running
on Mac
Mobile Configured
to use
ZAP Proxy
Makes it easier
for WireShark
on Mac to sniff
mobile traffic
View
Mobile
Traffic on
Laptop
Share
VPN
for Geo

42. @EvilTester 42
Reflection
● Own your models
– e.g.
● Build your own explanations of Page Objects
● Your own models of your system
● Identify gaps in your knowledge
● Identify Tools that help you
● Expand your Requisite Variety

43. @EvilTester 43
Some Recent Tools I Used
● APIs – PostMan, PAW
● Plugins – EditThisCookie, FoxyProxy
● Proxies – Fiddler, Charles, ZAP, BurpSuite
● Dev Tools - Browser Dev tools, ADB (Android)
● SDK - e.g. JDK, MySQL Workbench
● Static Analysis Tools
– Google PageSpeed Tools, FindBugs, PMD, CSS
Lint, Myth (CSS)

44. @EvilTester 44
Some Recent Tools I Used
● APIs – PostMan, PAW
● Plugins – EditThisCookie, FoxyProxy
● Proxies – Fiddler, Charles, ZAP, BurpSuite
● Dev Tools - Browser Dev tools, ADB (Android)
● SDK - e.g. JDK, MySQL Workbench
● Static Analysis Tools
– Google PageSpeed Tools, FindBugs, PMD, CSS
Lint, Myth (CSS)
But It's Not About The Tools
But It's Not About The Tools

45. @EvilTester 45
The Following Book Covers Were
Digitally Butchered during the
Making of this presentation
1961 19571987 1936

46. @EvilTester 46
The Following Book Covers Were
Digitally Butchered during the
Making of this presentation
1961 19571987 1936
Because this is a self-help talk
Because this is a self-help talk

47. @EvilTester 47
The 5 Secret Keys
Which Unlock Your
Technical Test Ability
 Modelling
 Observation
 Reflection
 Interrogation
 Manipulation

48. @EvilTester 48
Alan Richardson
@EvilTester
http://EvilTester.com
http://SeleniumSimplified.com
http://JavaForTesters.com