Skip to main content

When Test Automation Fails and exploratory Testing rocks

This post describes how I discovered a defect which allowed me to gain higher privilege than I was supposed to as a normal user. When testing an application I came across a use case when a privileged user would be allowed to delete a team and non privileged user would not be. Delete operation is controlled by displaying of a link. This is how it looks like for a privileged user -

Screenshot from 2016-05-30 15:37:05.png

And this is how it look for a non privileged user -

Screenshot from 2016-05-30 15:38:02.png

Here “Delete team” link is missing for non privileged user.

Having a look at html source code, I found following for the privileged user -

<a class="delete right" data-bind="if: teamProfile().type() != 'official', click: deleteTeam" href="" title="Delete this team">Delete team...</a>

And following for the non privileged user -

         <a class="delete right" data-bind="if: teamProfile().type() != 'official', click: deleteTeam" href="" title="Delete this team"></a>

The only difference is the missing inner text for delete link for non privileged user. Hence I modified the delete link of non privileged user as -

<a class="delete right" data-bind="if: teamProfile().type() != 'official', click: deleteTeam" href="" title="Delete this team">Delete</a>

This brought the Delete link on front end which was missing on previous snapshot -

Screenshot from 2016-05-30 15:45:21.png

When clicked on Delete link then voila, I got the confirmation prompt message of team deletion -

Screenshot from 2016-05-30 15:45:50.png

I was automating this use case by verifying the absence of delete link for non privileged user. Which would run perfect without reporting any bug. But we can see from example above that doing a little exploratory testing helped uncovered a defect which would have been missed from automated tests :-)

Do you have a similar story to share when automated testing helped you uncover a defect?

Popular posts from this blog

Distributed Load Testing with JMeter

Distributed Testing with JMeter When one JMeter client is not able to offer amount of threads required for load testing then distributed testing is used. In distributed testing - One instance of JMeter client can control number of JMeter instances and collect data from them Test plan does not need to be copied to each server, the client sends it to all servers note - JMeter will run all the threads on all the servers, hence 100 threads on 5 JMeter server would pump 500 threads in total. If many server instances are used, the client JMeter can become overloaded and so the client network connection. This has been improved in latest versions of JMeter by switching to Stripped modes, but you should always check that your client is not overloaded When Client (master) and Server (slave) nodes are on same network (no SSH required) Configure Client Node Herein client is referred as the machine controlling test execution on other JMeter nodes. This is also referred

Appium and android mobile app automation

Next appium and Android mobile app automation video tutoria l is live. If you are new to appium then please check - appium-tutorial This video tutorial covers - Start vysor (Just for this session and not mobile automation :)) Start appium and start appium inspector Desired Capabilities platformName - Android deviceName - L2N0219828001013 (as seen on "adb devices") Saved Capability Sets Start Session Scan app elements using appium inspector Get appPackage and appActivity using "APK info" app Install "APK info" app and open app whose appPackage and appActivity are required i.e. calculator Check top section of app icon is app package is app activity testng.xml file settings for running Android app tests Test details and CalculatorScreen class View beautiful STF test report  

Verify email confirmation using Selenium

Note: If you are new to java and selenium then start with selenium java training videos .     Email confirmation seems to be integral part of any registration process. I came across an application which lets you provide your email address. You can follow the sign up link in you mail and then complete the registration process. Lets consider we provide GMail address for it. Now if were to use only Selenium then we would have to follow following steps - Launch GMail using Selenium; Some how search for new mail in the list of available mails; Some how click on it; Parse the mail message; Get the registration link; Follow up with registration process What do you think of an approach in which you can