Skip to main content

When Test Automation Fails and exploratory Testing rocks

This post describes how I discovered a defect which allowed me to gain higher privilege than I was supposed to as a normal user. When testing an application I came across a use case when a privileged user would be allowed to delete a team and non privileged user would not be. Delete operation is controlled by displaying of a link. This is how it looks like for a privileged user -


Screenshot from 2016-05-30 15:37:05.png


And this is how it look for a non privileged user -


Screenshot from 2016-05-30 15:38:02.png


Here “Delete team” link is missing for non privileged user.

Having a look at html source code, I found following for the privileged user -


<a class="delete right" data-bind="if: teamProfile().type() != 'official', click: deleteTeam" href="https://test.com/" title="Delete this team">Delete team...</a>


And following for the non privileged user -


         <a class="delete right" data-bind="if: teamProfile().type() != 'official', click: deleteTeam" href="https://test.com/" title="Delete this team"></a>


The only difference is the missing inner text for delete link for non privileged user. Hence I modified the delete link of non privileged user as -


<a class="delete right" data-bind="if: teamProfile().type() != 'official', click: deleteTeam" href="https://draft.blogger.com/null" title="Delete this team">Delete</a>


This brought the Delete link on front end which was missing on previous snapshot -


Screenshot from 2016-05-30 15:45:21.png


When clicked on Delete link then voila, I got the confirmation prompt message of team deletion -


Screenshot from 2016-05-30 15:45:50.png

I was automating this use case by verifying the absence of delete link for non privileged user. Which would run perfect without reporting any bug. But we can see from example above that doing a little exploratory testing helped uncovered a defect which would have been missed from automated tests :-)


Do you have a similar story to share when automated testing helped you uncover a defect?

Popular posts from this blog

Selenium Tutorial: Pattern Mathing using Selenium

Note: If you are new to java and selenium then start with selenium java training videos .   I must confess I have never been admirer of Regular Expression but then there are times you can not escape from it, especially while working on a website which has dynamic contents appeared in static text and you want to validate it. like - "Validate that this text appears and there is 123 here and 456 here" And the test condition is 123 and 456 could be any three digits but number if digits should not be more than three. In a crude way we can at least test this - Assert.assertTrue(selenium.getText("elementLocator").contains("Validate that this text appears and there is")); but what if text goes wrong after "and there is"... what if more than 3 digits appear in text. This is where pattern matching/regular expression comes for our rescue and we can use matches method of String class to achieve same. So the assertion would be - String text =

Using chrome console to test xPath and css selectors

Note: If you are new to java and selenium then start with selenium java training videos .       Since the advent of selenium there have been many plugin to test xPath / css selectors but you don’t need any of them if you have chrome browser. Using Chrome console you can test both xPath and css selectors. Launch website to be tested in chrome browser and hit F-12 and you would see chrome console opened in lower pane of application - Hit escape key and console would open another pane to write element locators - And now you can start writing xPath or css selectors in chrome console and test them - The syntax for writing css id - $$(“ ”) And hit the enter key. If your expression is right then html snippet of the application element corresponding to the css selector would be displayed - If you mouse over the html snippet in chrome console then it would highlight the corresponding element in application - If you want to clean console of previously wri

Verify email confirmation using Selenium

Note: If you are new to java and selenium then start with selenium java training videos .     Email confirmation seems to be integral part of any registration process. I came across an application which lets you provide your email address. You can follow the sign up link in you mail and then complete the registration process. Lets consider we provide GMail address for it. Now if were to use only Selenium then we would have to follow following steps - Launch GMail using Selenium; Some how search for new mail in the list of available mails; Some how click on it; Parse the mail message; Get the registration link; Follow up with registration process What do you think of an approach in which you can