Exploratory Software Testing: Tips, Tricks, Tours, and Techniques to Guide Test Design [Paperback]

James A. Whittaker (Author)

Book Description

Publication Date: September 4, 2009 | ISBN-10: 0321636414 | ISBN-13: 978-0321636416 | Edition: 1

How to Find and Fix the Killer Software Bugs that Evade Conventional Testing

 

In Exploratory Software Testing, renowned software testing expert James Whittaker reveals the real causes of today’s most serious, well-hidden software bugs--and introduces powerful new “exploratory” techniques for finding and correcting them.

 

Drawing on nearly two decades of experience working at the cutting edge of testing with Google, Microsoft, and other top software organizations, Whittaker introduces innovative new processes for manual testing that are repeatable, prescriptive, teachable, and extremely effective. Whittaker defines both in-the-small techniques for individual testers and in-the-large techniques to supercharge test teams. He also introduces a hybrid strategy for injecting exploratory concepts into traditional scripted testing. You’ll learn when to use each, and how to use them all successfully.

 

Concise, entertaining, and actionable, this book introduces robust techniques that have been used extensively by real testers on shipping software, illuminating their actual experiences with these techniques, and the results they’ve achieved. Writing for testers, QA specialists, developers, program managers, and architects alike, Whittaker answers crucial questions such as:

 

•  Why do some bugs remain invisible to automated testing--and how can I uncover them?

•  What techniques will help me consistently discover and eliminate “show stopper” bugs?

•  How do I make manual testing more effective--and less boring and unpleasant?

•  What’s the most effective high-level test strategy for each project?

•  Which inputs should I test when I can’t test them all?

•  Which test cases will provide the best feature coverage?

•  How can I get better results by combining exploratory testing with traditional script or scenario-based testing?

•  How do I reflect feedback from the development process, such as code changes?

 

Editorial Reviews

About the Author

James Whittaker has spent his career in software testing and has left his mark on many aspects of the discipline. He was a pioneer in the field of model-based testing, where his Ph.D. dissertation from the University of Tennessee stands as a standard reference on the subject. His work in fault injection produced the highly acclaimed runtime fault injection tool Holodeck, and he was an early thought leader in security and penetration testing. He is also well regarded as a teacher and presenter, and has won numerous best paper and best presentation awards at international conferences. While a professor at Florida Tech, his teaching of software testing attracted dozens of sponsors from both industry and world governments, and his students were highly sought after for their depth of technical knowledge in testing.

 

Dr. Whittaker is the author of How to Break Software and its series follow- ups How to Break Software Security (with Hugh Thompson) and How to Break Web Software (with Mike Andrews). After ten years as a professor, he joined Microsoft in 2006 and left in 2009 to join Google as the Director of Test Engineering for the Kirkland and Seattle offices. He lives in Woodinville, Washington, and is working toward a day when software just works.

 

Excerpt. © Reprinted by permission. All rights reserved.

Exploratory Software Testing

Preface

“Customers buy features and tolerate bugs.”
—Scott Wadsworth

Anyone who has ever used a computer understands that software fails. From the very first program to the most recent modern application, software has never been perfect.

Nor is it ever likely to be. Not only is software development insanely complex and the humans who perform it characteristically error prone, the constant flux in hardware, operating systems, runtime environments, drivers, platforms, databases, and so forth converges to make the task of software development one of humankind’s most amazing accomplishments.

But amazing isn’t enough, as Chapter 1, “The Case for Software Quality,” points out, the world needs it to be high quality, too.

Clearly, quality is not an exclusive concern of software testers. Software needs to be built the right way, with reliability, security, performance, and so forth part of the design of the system rather than a late-cycle afterthought. However, testers are on the front lines when it comes to understanding the nature of software bugs. There is little hope of a broad-based solution to software quality without testers being at the forefront of the insights, techniques, and mitigations that will make such a possibility into a reality.

There are many ways to talk about software quality and many interested audiences. This book is written for software testers and is about a specific class of bugs that I believe are more important than any other: bugs that evade all means of detection and end up in a released product.

Any company that produces software ships bugs. Why did those bugs get written? Why weren’t they found in code reviews, unit testing, static analysis, or other developer-oriented activity? Why didn’t the test automation find them? What was it about those bugs that allowed them to avoid manual testing?

What is the best way to find bugs that ship?

It is this last question that this book addresses. In Chapter 2, “The Case for Manual Testing,” I make the point that because users find these bugs while using the software, testing must also use the software to find them. For automation, unit testing, and so forth, these bugs are simply inaccessible. Automate all you want, these bugs will defy you and resurface to plague your users.

The problem is that much of the modern practice of manual testing is aimless, ad hoc, and repetitive. Downright boring, some might add. This book seeks to add guidance, technique, and organization to the process of manual testing.

In Chapter 3, “Exploratory Testing in the Small,” guidance is given to testers for the small, tactical decisions they must make with nearly every test case. They must decide which input values to apply to a specific input field or which data to provide in a file that an application consumes. Many such small decisions must be made while testing, and without guidance such decisions often go unanalyzed and are suboptimal. Is the integer 4 better than the integer 400 when you have to enter a number into a text box? Do I apply a string of length 32 or 256? There are indeed reasons to select one over the other, depending on the context of the software that will process that input. Given that testers make hundreds of such small decisions every day, good guidance is crucial.

In Chapter 4, “Exploratory Testing in the Large,” guidance is given for broader, strategic concerns of test plan development and test design. These techniques are based on a concept of tours, generalized testing advice that guides testers through the paths of an application like a tour guide leads a tourist through the landmarks of a big city. Exploration does not have to be random or ad hoc, and this book documents what many Microsoft and Google testers now use on a daily basis. Tours such as the landmark tour and the intellectual’s tour are part of the standard vocabulary of our manual testers. Certainly, test techniques have been called “tours” before, but the treatment of the entire tourist metaphor for software testing and the large-scale application of the metaphor to test real shipping applications makes its first appearance in this book.

Testing in the large also means guidance to create entire test strategies. For example, how do we create a set of test cases that give good feature coverage? How do we decide whether to include multiple feature usage in a single test case? How do we create an entire suite of test cases that makes the software work as hard as possible and thus find as many important bugs as possible? These are overarching issues of test case design and test suite quality that have to be addressed.

In Chapter 5, “Hybrid Exploratory Testing Techniques,” the concept of tours is taken a step further by combining exploratory testing with traditional script or scenario-based testing. We discuss ways to modified end-to-end scenarios, test scripts, or user stories to inject variation and increase the bug-finding potential of traditionally static testing techniques.

In Chapter 6, “Exploratory Testing in Practice,” five guest writers from various product groups at Microsoft provide their experience reports from the touring techniques. These authors and their teams applied the tours to real software in real shipping situations and document how they used the tours, modified the tours, and even created their own. This is the first-hand account of real testers who ship important, mission-critical software.

Finally, I end the book with two chapters aimed at wrapping up the information from earlier chapters. In Chapter 7, “Touring and Testing’s Primary Pain Points,” I describe what I see as the hardest problems in testing and how purposeful exploratory testing fits into the broader solutions. In Chapter 8, “The Future of Software Testing,” I look further ahead and talk about how technologies such as virtualization, visualization, and even video games will change the face of testing over the next few years. The appendixes include my take on having a successful testing career and assemble some of my more popular past writings (with new annotations added), some of which are no longer available in any other form.

I hope you enjoy reading this book as much as I enjoyed writing it.

© Copyright Pearson Education. All rights reserved.

Product Details

• Paperback: 256 pages
• Publisher: Addison-Wesley Professional; 1 edition (September 4, 2009)
• Language: English
• ISBN-10: 0321636414
• ISBN-13: 978-0321636416
• Product Dimensions: 7 x 0.5 x 9.1 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 3.6 out of 5 stars  See all reviews (8 customer reviews)
• Amazon Best Sellers Rank: #305,305 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Most Helpful Customer Reviews

39 of 48 people found the following review helpful

1.0 out of 5 stars Not much of value here October 11, 2009

By Joseph S. Strazzere

Format:Paperback|Amazon Verified Purchase

A few years back, I read "How to Break Software" by James Whittaker. I liked it. It wasn't wonderful, but it had a good batch of practical, useful tips. Then I read "How to Break Software Security" and "How to Break Web Software". I liked them as well, but not as much. Still, I figured I'd read James Whittaker's newest book "Exploratory Software Testing". Sadly, the downward progression of his writing continues. This book is by far the worst of the bunch.

Chapter 1 - "The Case for Software Quality" is nothing more than "software is terrific, but it has bugs". That's it, nothing more here.

Chapter 2 - "The Case for Manual Testing" talks a bit about testing, and tries to define exploratory testing. Whittaker's definition has apparently caused some controversy among some well-known practitioners of exploratory testing, so here is his perhaps unique definition:

"When the scripts are removed entirely (or as we shall see in later chapters, their rigidness relaxed), the process is called exploratory testing."

Whittaker then divides exploratory testing into two sections. Exploratory testing in the small is that which guides the tester to make small, distinct decisions while testing. Exploratory testing in the large guides the tester in how an application is explored more than how a specific feature is tested.

Chapter 3 - "Exploratory Testing in the Small" was, to me, the only useful chapter in the whole book. Here Whittaker offers practical advice with examples for thinking about constructing test data, software state, and test environment.

Chapter 4 - "Exploratory Testing in the Large" is where Whittaker dives into what appears to be the point of the whole book - his Tourist Metaphor. Apparently this is a big hit at Microsoft, but I found it pointless. Think about every type of testing you have ever performed. Now try to torture it into a phrase that ends with the word Tour. There you go - that's the chapter.

Just to give you a flavor, here's a list of all these Tours, and their variations:

The Guidebook Tour
Blogger's Tour
Pundit's Tour
Competitor's Tour
The Money Tour
Skeptical Customer Tour
The Landmark Tour
The Intellectual Tour
Arrogant American Tour
The FedEx Tour
The After-Hours Tour
Morning-Commute Tour
The Garbage Collector's Tour
The Bad-Neighborhood Tour
The Museum Tour
The Prior Version Tour
The Supporting Actor Tour
The Back Alley Tour
Mixed-Destination Tour
The All-Nighter Tour
The Collector's Tour
The Lonely Businessman's Tour
The Supermodel Tour
The TOGOF Tour
The Scottish Pub Tour
The Rained-Out Tour
The Couch Potato Tour
The Saboteur Tour
The Antisocial Tour
Opposite Tour
Crime Spree Tour
Wrong Turn Tour
The Obsessive-Compulsive Tour

Perhaps the idea of calling UI Testing a Supermodel Tour appeals to you, and will make for a richer, more productive set of tests. I don't get it. I just don't see any value here. Doesn't testing have enough variation in language and definitions already, without adding this silliness?

Chapter 5 - "Hybrid Exploratory Testing Techniques" tells us that it's acceptable to combine scenario testing with exploratory testing. Then it spends time rehashing each of the tours from Chapter 4 and tries to suggest a side trip for each.

Chapter 6 - "Exploratory Testing in Practice" presents essays written by several Microsoft testers describing how they each used one or more of the tours in a testing situation. It appears as if Whittaker instructed his charges to write a "What I did this summer"-style essay, in the form of "How I used Tours to do my testing".

Chapter 7 - "Touring and Testing's Primary Pain Points" tries to tell us (in a few paragraphs) how to avoid five pain points - Aimlessness, Repetiveness, Transiency, Monontony, and Memorylesness. There's little real instruction here. For example, we are told that in order to avoid repetitiveness, we must know what testing has already occurred, and understand when to inject variation. Uhm, ok.

Chapter 8 - "The Future of Software Testing" has nothing at all to do with the other chapters, or exploratory testing. It's basically Whittaker's gee-whiz vision of what might be possible (some day) in the future. Perhaps. Whittaker has given this talk in several webinars - it's simply rehashed here.

Since these chapters take up only 136 pages, and obviously aren't enough to fill out a real book, three unrelated appendices are bolted on. A few pages about Testing as a career, and a bunch of pages lifted directly from Whittaker's blogs fill out the book to over 200 pages.

If you really want to learn about Exploratory Testing, this is probably not the place. "Exploratory Software Testing" is fluff - stretched and tortured out barely to book-length. There's not much in the way of learning here.

And if Microsoft testers are really instructed to "Tell me what kind of testing you did today, and make sure it ends with the word Tour", then I feel very sorry for them.

5 of 5 people found the following review helpful

2.0 out of 5 stars Limited metaphor for exploratory testing February 2, 2012

By Chris Kenst

Format:Paperback

Some of the first testing books I read were James Whittaker's How to Break Software series. Those books, like this one, are laid out in a practical manner with each chapter focused on a specific attack or approach making them easy to read, reference and apply. Perfect for learning. I picked up this book a few years ago when I started questioning the way I was testing. The material was new to me and made me ask what is exploratory testing and what does touring have to do with it?

According to Whittaker (pg. 16) exploratory testing (E.T.) is testing where scripts or rigidity have been removed (paraphrasing). Whittaker explains his terms "E.T. in the small", decisions made where the scope of the testing is small and "E.T. in the large", decisions made when the scope of testing is large (small might be a screen in an application while large is the whole application). At the end of chapter 3 he mentions E.T. can be done in a way that allows test planning and execution to be completed simultaneously which is one of E.T.s most important aspects and simplest definitions. Touring (as in a tour guide or sight-seeing) becomes a metaphor for and a way to structure E.T.

There are eight chapters in the book plus a number of appendices. In the first few chapters Whittaker discusses what he sees as the case for software quality (the context of the book), introduces E.T. and explains how he uses it, in the small and the large. The next four chapters cover tours he and others have come up with. The last chapter is about how Whittaker sees the future of testing or at least how he did at the time of publishing.

The first appendix, A, is one of the most important parts of the book: building a successful career in software testing. Whittaker talks about how he got into testing and gives some advice on "getting over the hump" to be a better tester. Appendix A is short but worth reading. The rest of the appendices are old blog posts from his Microsoft days.

As a beginner I found this book much more valuable than I do now several years later. I understand E.T. is an approach to testing that can but doesn't necessarily include tours or scripts. It isn't just manual testing either. For reference Michael Bolton (the testing expert - Google developsense) has some good posts in what E.T. is not.

As you might guess from the title of this book it does not do a proper job explaining E.T. in a way that one can use it, aside from following the tour metaphor. In fact after reading it again this book seems to say to the reader: these tours are the best, don't you agree? It's important to understand exploratory testing is about the way you work, and the extent to which test design, test execution, and learning support and reinforce each other.

According to James Bach the term "exploratory testing" was coined and first published by Cem Kaner and has been worked on by Bach, Whittaker and Kaner over the last decade. It seems a bit odd that in a book about E.T. Whittaker never mentions their work and provides no references for the reader to follow up. Apparently Whittaker thinks the easiest way to explain E.T. is through testing tours (hence the book) while Bach has a more direct explanation of (Google this phrase) "what constitutes exploratory testing". I found Bach's post more informative, applicable and frankly cheaper than Whittaker's Exploratory Software Testing book.

Exploratory Software Testing offers a limited metaphor for understanding exploratory testing. It isn't as practical as Whittaker's previous books because you can't apply the teachings very well without fully understanding what E.T. is and how tours fit in. If you only want ideas on how Microsoft's testers used the touring metaphor to "perform" exploratory testing then you'll get four chapters of information otherwise Exploratory Software Testing is worth skipping.

5.0 out of 5 stars Good resource December 31, 2012

By CKlein

Format:Paperback|Amazon Verified Purchase

Whittaker's writing style is easy to read and understand. I'm finding lots of useful information to incorporate in our testing at work.