Monday, June 21, 2010

Reassemble The Bridge: Weekend Testing 38


Mission: To solve the puzzle with the help of a partner.


Mental Modeling and Approach:

Observing the image for a fraction of a second and reading the puzzle URL in the chat transcript of WT 38 gave me an instinct: what I saw might be a bridge with blue sky and greenery.

The scattered image pieces appeared to have different colors and boundary shapes. A few image pieces appeared to have the same color but varied in contrast to my eyes. These pieces had pictures that looked like a hanging bridge, a moving car, green grass and water. This helped me form a picture in my mind, together with the picture I saw when I browsed the URL of the puzzle.

The approach I used to play the puzzle was varying one factor at a time and identifying its patterns.


Playing this puzzle helped me to practice and learn:
  • Observing.
  • Identifying patterns.
  • Factoring.
  • Reasoning.
  • Testing.

The Weekend Testing report is here. My report is here.

Note: I did not play as per the mission statement. I played the puzzle individually.


Wednesday, March 31, 2010

How safe am I, if I use your application?


Mission:
Find security information that would make the application lose out to a competitor's similar application.


Application under Test: File Uploading Application.
Session ID: FUA-1
Start Time: 27th March 2010 12:08 PM IST.
End Time: 27th March 2010 3:25 PM IST.
OS: Windows XP SP3.
Browser: Firefox 3.6.2
Antivirus: Symantec Endpoint Protection.


Context:
The tester has been given just an application release, one that is already available in the market for users, and asked to test it. The application owner expects information from testing within a few hours. The application is in demand and is being purchased by users to upload files to the FTP sites of their choice. To sustain itself in a competitive market, the application owner decides to test for security threats. A tester is assigned the job of finding information on security loopholes and of identifying how the competitor's similar application withstands the identified loopholes.


The tester starts learning:
  • What is the application?
  • What platforms does the application support?
  • Why should a user use this application? What are the benefits of using it?
  • Who are the users of this application, and of such applications in general?
  • Who are the competitors with similar applications?
  • How is the application used (or how can it be used) once it is available?
  • Why do they use this owner's application in particular, when other similar applications are available in the market?
  • What types of files can be uploaded? What are the minimum and maximum file sizes that can be uploaded?
  • When, how and why does the application "not do what it appears to do"?
  • How does the application "do what it does" and "do what it is expected to do"?
  • How is the application built?
  • Are there any currently known limitations in the way the application appears to work?
  • Are there any defect reports that are not fixed, deferred, or not released with the present build? If yes, why?
  • Are the users of the application satisfied using it today, and were they earlier? If not, what are their concerns in using the application?
  • Are users looking for new things in the application today? If yes, how quickly do they need them, and how do they value the application with and without them?
  • Was the application cracked for its license key earlier? If yes, how frequently was the license key or file cracked or generated? If no, did the team at the development site try to do so, and what was the result? What was the decision maker(s)' decision when the license file was cracked, or when it was not possible to crack?
  • Was the application server at the owner's site hacked earlier? If yes, how frequently was it hacked? What was the cost of these hacks? If no, did the team at the development site try to do so, and what was the result? What was the decision maker(s)' decision when the server was hacked, or when it was not possible to hack?
  • How have the sales and revenue for the application been, compared with the competitor's similar application?
  • Are all the claims made for the application met? If not, which claims are not met, and for whom? How high is the cost to them of the claims not being met? Which claims have been met?
  • Are any records or feedback from the users of the application maintained? What do those records or that feedback say?
  • What does customer support feedback say about the service being given to application users?

My mistakes in this session:

I was not able to test with all the security test ideas I had in my test coverage model in the given time. I invested time in investigating the behavior of the application. I need to concentrate and achieve the mission in the given time by exercising the application using the test coverage model. The test report can be found here.

I learned that whenever we use antivirus, firewalls, routers, port scanners or any other threat-identifying tool, we are using others' program code built as an application. These applications can have defects within them. The question that remains in me now is: can an application be easily accessed when something unexpected happens to the security-providing application? If so, what will it cost the user? If security is understood as freedom from fear, then why do so many software applications get hacked or cracked? Do software applications have no freedom?