Testing and Exploratory Testing

 

A Discussion in The Test Chat

In one of the discussions in The Test Chat on Telegram, the topic was "How to test without an SRS document?"  One pointer put to help in this direction was -- "Even though there is no document, you can find the requirement if you look hard enough." 

This pointer was put as a question asking how it can be done.  Further, the discussions spoke about Testing and Exploratory Testing.  

This discussion brought up the below thoughts from one of a fellow tester:

Only exploratory Testing part can be done when no document is provided , assuming the meaning by looking hard enough may lead to  various assumption 

They are suggesting to look at software under test  hard enough it seems.

And in further points they are saying know your end users and personas which is again product owners job before creating document.

In short :they are saying look hard and create SRS/BRS.

What am I seeing in the above discussions?

There is nothing wrong here with this discussion point.

I see one's learning journey in this discussion.  The good thing is -- the space as The Test Chat is available where one can share her/his thought and discuss.  All of us will have the learning journey and so do I.  It evolves as one shares her/his thoughts like this and opens up to discussion.

If we do not open up to discussion and share our thoughts like this, that's when we are not doing it right.  We have to encourage the discussion, questioning and foster an environment where it is accepted and practiced.  Only then, we will speak our learning and work, and understand it better.

Testing and the Exploratory Testing

I'm sure most of us would have crossed and crossing:

1. The job description, talks, discussion, and tasks assignment having two words -- Testing and Exploratory Testing.
2. The instruction a,s "Do the Testing and then do the Exploratory Testing".  It could also be one of your team members and manager asking "do Exploratory Testing after the regular Testing".

Few of my fellow testers use the word Exploratory Testing and Testing.  I have no problem with it.  When I discuss and write, I use the word i.e., Testing, in my practice.

Here are my thoughts for today from the learning I'm having from my practices:

• I cannot differentiate between the words Testing and Exploratory Testing.  To me, both look similar but an additional word i.e., Exploratory.
• I learn, Dr. Cem Kaner coined the word Exploratory Testing around 1982.
• Each time I test, I explore!  I could not break and create two sessions for Testing and Exploratory Testing.
• Could be there was a need then to differentiate and communicate that testing is and as Exploratory explicitly.  So did he coin the word Exploratory Testing?  I'm not sure!  
• But this has become one of the most misused words today where it is said to do Testing and then do the Exploratory Testing.  That's a different subject altogether to discuss is what I see.
• Testing is exploratory in its nature.

James Bach shared a document having the history of Exploratory Testing definition.  I'm sharing the same here with his permission.  The credits of this document are to James Bach.

Testing with no SRS or BFS

I looked and asked for SRS and BFS documents at beginning of my career.  After a year, I had no SRS documents for the product I was supposed to test.  All I had in my hands were the architecture diagram.  The team did not have the luxury of writing SRS in the timeline it was running.  This helped me to develop a skill -- to test using what I have at my hands; I did not depend on SRS documents.  I see the requirements coming in two forms -- explicit and implicit.  

• Most times, when there are no recorded documents, the documents I make on the product and system as a whole, are used for immediate reference.  Should it be called SRS/BFS?  I do not think so; I would not call it as well.  But it is part of my testing outcome i.e., by-product -- Test Notes.
• Today the FCO i.e., Feature Coverage Outline is spoken very much.  Likewise, KYC -- Know Your Customer (user of a product and stakeholder as well) is also one of the key tasks.  The testing team does this task in modeling the users and their personas so that they derive the test data and figure out the tests and scenarios.
• I have been testing with no SRS/BFS in place.  I will have to figure out what is the expectation somehow.  Else, how will I evaluate?  I use multiple approaches for the same.
• I do not crib anymore if there is no SRS/BFS.  It is one of the contexts in Software Development.  I will have to deal with it while I test and automate.  I also make sure that I'm aligned with the stakeholders for what they want and also with the market fit of the product and the problem it solves.

At this point in Time

I'm also testing for a Machine Learning product today when I write this blog post.   This project has detailed content written on the engineering and architecture of the product.  But there is no SRS/BFS written for the product.  I had challenges for a week in knowing what is what and why it exists.  The architecture content helped me.

I continued to explore the product and system; read the engineering documents and spoke to programmers when I had questions.  This helped me to test this product.  I'm testing it for 4 months now and it does not have SRS yet, though it is an ML product being built and used by customers (technology companies) for 10+ years now.  

The new features, design changes (not the UI), and fixes are being rolled out.  At this point in time, while I'm writing this line, I get a Slack ping saying -- "Upgrading and improvising the algorithm; it will take an hour.".  And another programmer pings saying, "A change in classifying algorithm for correction bug is committed and the pod is up with changes."   I'm not sure what are these changes nor it is documented anywhere. 

I will explore, figure out and test!

The Special Characters and Context

 

On creating a new password be it on a web page or mobile app or desktop application or any interface, we encounter the phrase "special characters".  And, we might see few characters represented as special characters.  Why these characters are named "special characters", here?

The Context

When one mentions "special characters" I learn and associate a context to it.  The context defines the character is special or not.  If so, why certain characters are marked as special characters for the password being created?

The context of web and HTML is a journey and evolution.  The web and HTML that existed 20 years back are not the same today.  It has evolved and so are browsers.  So the other technology i.e. desktop applications and mobile apps.

Special Characters and Context

I learn the context will make a character into a special character.  Then what's a special character?  It is a casually used phrase for the non-alphanumeric character on the keyboard.

Few of us might debate and say -- comma, colon, plus, hyphen or minus, hash, dollar, angle brackets, etc., these are all normal characters though it is non-alphanumeric.  Did people (users of the software) had special meaning for these non-alphanumeric characters in their domain of work?

But the comma, period, semicolon, hyphen, space, dollar, hash, angle brackets, etc., all have specific contextual meanings in HTML and web, and other technologies.  Do you think so?!  

The initial web technologies were not robust as today to sanitize characters and process as we do today.  Could be, for this reason, certain characters were termed as special characters and mentioned what to use and what not to use.  I'm not sure is this the reason but this could be one of the strongest reasons.

Today, the phrase "special characters" is continued to use in all major technology organization's documentation and interfaces.  Is this incorrect?  I don't know.  It helps someone to quickly relate and let her/him decide, is what I see.

Parsing and Context

Entering a password, today we assess the strength of it. There are readily available scripts and libraries that do this job.  Not sure if it was available two decades back.  Other than the security aspect of having better entropy what else is the benefit of having special characters?

Say, the special characters are those which I don't see on the keyboard layout. Then what should I think of the angle bracket (< and >) that I use in an XSS payload on the web page and behind the web page?  Note that the same angle bracket can be used in a password too.

Personally, I feel this is one of the good topics to discuss.  It can lead to learning how we term and use the word or phrase for non-alphanumeric characters.  

I don't know if this discussion is needed or not and how much it helps people who are accustomed to the phrase "Special Characters" for certain characters.  But having one does no harm and it can light up the dark areas which are unseen.

The web and desktop projects in which I worked a decade back, it had the RegEx written in different languages and scripts written in Shell, Perl, and VBScript.  These scripts and RegEx were used behind the interface to parse and validate certain characters' presence and absence.  These characters were termed as special characters in the product and it was on par with the operating system documents for consistency.  Also, there was a unique meaning and purpose for such characters here in this context.

Since these scripts and Regular Expressions were used, the characters that take a special meaning in this context were termed as Special Characters.  To keep everyone who uses the product (engineers, support, and customer) be aware of certain characters, it was termed as Special Characters in the context of product and technology.

Should Change the phrase "Special Characters"?

I don't know!

Look at the context where it is used and what characters are classified as special characters.  Changing the phrase to another phrase or word, does it solve and ease the communication with the product's users and business?  Unfortunately, not all software products might bring this change.  Having different words/phrases in the system, add additional costs?  What are those costs?

All I understand is when certain characters are classified as special characters, I look for

1. The context in which it is classified and why
2. How it is special? 
3. What differences it makes in its presence and absence?
4. Software platform terminologies on which the product runs having such classified special characters

Not fixing nor refining nor refactoring certain existence looks better in few cases!  As a technical person knowing what it is and not, is a need and helps.