June 5, 2015

Let's Test 2015: Day 2, Exploring Web App (In)Security

Testability Features by Stefan Thelenius (@StefanThelenius)

Photo from Let's Test Conference Flickr

A good talk for the morning session, which gave me a lot of ideas about building testability features into my project (for example, I really like the idea of having a tool that picks a random document from the DB). Stefan Thelenius showed us a testing application that their developers built for testing the real application. Interestingly, the testing application came about thanks to developers who decided to do more testing themselves (on their own initiative, not on a manager's order) and found that setup and configuration alone took half their time. So the developers created an application that lets them spend more time on actual testing. It is a little sad that testers still don't implement new features themselves but ask developers for them. I think testers should strive to build their own tools.

But you should be very careful when implementing testability features: first of all, they should not be connected to production in any way; secondly, testability features are usually not themselves tested (for lack of time), so the more complex they are, the greater the chance of getting false results.

Exploring Web App (In)Security by Bill Matthews (@Bill_Matthews) and Dan Billing (@TheTestDoctor)

I have been interested in security for about a year now. I remember a great session by Dan Billing, New Adventures in Security Testing, at the previous Nordic Testing Days 2014. So when I saw this workshop and Dan's name, I immediately knew that I wanted to join it. And my expectation didn't let me down: it was a really useful and interesting full-day workshop.

Thanks to this workshop I have a long backlog of security things (test cases and tools) that I'm going to try at work. I had heard about them quite a long time ago, but now I have an idea of how to actually use them.

During this workshop we had lunch, where Baldvin Gislason Bern said something interesting: statistics work only once, because afterwards the data begins to adjust to the metrics.

Cynefin Sensemaking Surgery by Duncan Nisbet (@DuncNisbet)

Photo from Let's Test Conference Flickr

Duncan Nisbet told us about an interesting framework, Cynefin (kʌnɨvɪn), and we even did some exercises, but I'm still not sure how to use it in real life. I agree that it can bring some sense to some hard situations, but how to apply it is still quite vague to me. Or maybe I was still thinking about security and missed the important explanations.

One interesting (in some sense even philosophical) point concerned transitions between the different domains. There are five domains in the Cynefin framework: Complex, Complicated, Chaotic, Obvious, and something in between them all. You can move between these domains, but there is one special boundary, between Chaotic and Obvious: if you believe that all things are simple, you can crash into chaos, and it's nearly impossible to go back to the Obvious domain (usually from Chaos you move to Complex). The other boundaries allow transitions in both directions.

After all the workshops, the open bar and TestLab again.

Photo from Let's Test Conference Flickr

See posts about other days:
Let's Test 2015: Day 1
Let's Test 2015: Final Day 3


  1. Hi Irina, thanks for the mention in the write up!

    I agree, understanding how we can apply the model in context has been the biggest headache for me. It's taken me a fair while to get to the understanding I have now (admittedly only a fraction of the knowledge I'd like to have)

    It was also a relatively heavy topic after a day of workshops so thank you for sticking with it!

    I'm happy to chat if you want to discuss further.


    1. As for ideas for applying the framework, I find it useful for discussing problems in retros as well as questioning & understanding the feature we're about to develop in kick-offs (as per Liz Keogh's estimating complexity ideas)

    2. Thank you for the reply and helpfulness! I have plans to investigate this framework using some materials available on the web, and if I have questions I'll turn to you.

  2. "dev2one" Software Testing Foundation training courses introduce students to the fundamentals of software testing, including the reasons for carrying out tests, basic test processes and the general principles that underpin testing good practice. Knowing these principles, and understanding how they affect the software tester, is crucial to passing the "dev2one" Software Testing Foundation exam.