Have you ever interviewed 'Testing professionals' whose resume has everything under the sun under testing? While there are exceptions, I have most often seen people who appear for a testing job unprepared for a technical interview. They could answer any number of 'process' or theoritical problems such as what is a black box testing, or integration testing, regression testing etc but when you drill deeper into solving a day to day problem they cannot respond very well.
I'm wondering if it is a chicken and egg problem. The process of quality assurance is not the first in the software development cycle. A test spec often always follows a requirements or functional spec and at that very stage, the tester transforms to someone who is supposed to follow or validate what the developer thought of. Is the test spec always limited by the functional spec's scope? Are we creating/developing testers who just need to validate and need not really invest in understanding the latest technology trends, the latest product vulnerabilities?
Let me give couple of examples.
Ask a question about how would the interviewee test a simple web application that submits a form with two simple fields 'name' and 'address' to a repository at server. More often than not, 90% and above, you will get the first response as UI testing. 'Validate the input fields', 'check for input length' 'check for special characters'.... well, any tester is supposed to have already known the kinder garten stuff of testing. Okay, dwelve a little deeper, ask him/her that you want the interviewee to provide functional examples and bang will come the reply 'check the database and see if the input entered via form is updated properly'. Ask him/her 'do you think data can be entered by other means and you should ensure testing for those conditions', again bang comes the reply 'well, the form should have strict validation and from the server side the database administrator should take precautions'.
I'm yet to see testers talk about vulnerabilities in authentication, input filtering, SQL injection, transport security, error handling etc.
I hope I'm proved wrong. I think 90% of testers are people who do what they are asked to do and the functional spec is an insurance for them against customer defects or hacker attacks.
Check it out - ask an interviewee next time 'How can my Forgot Password feature be exploited'?
Saturday, May 13, 2006
Subscribe to:
Posts (Atom)