About the Author
James Whittaker has spent his career in software testing and has left his mark on many aspects of the discipline. He was a pioneer in the field of model-based testing, where his Ph.D. dissertation from the University of Tennessee stands as a standard reference on the subject. His work in fault injection produced the highly acclaimed runtime fault injection tool Holodeck, and he was an early thought leader in security and penetration testing. He is also well regarded as a teacher and presenter, and has won numerous best paper and best presentation awards at international conferences. While a professor at Florida Tech, his teaching of software testing attracted dozens of sponsors from both industry and world governments, and his students were highly sought after for their depth of technical knowledge in testing.
Dr. Whittaker is the author of How to Break Software and its series follow- ups How to Break Software Security (with Hugh Thompson) and How to Break Web Software (with Mike Andrews). After ten years as a professor, he joined Microsoft in 2006 and left in 2009 to join Google as the Director of Test Engineering for the Kirkland and Seattle offices. He lives in Woodinville, Washington, and is working toward a day when software just works.
Excerpt. © Reprinted by permission. All rights reserved.
Exploratory Software Testing
“Customers buy features and tolerate bugs.”
Anyone who has ever used a computer understands that software fails. From the very first program to the most recent modern application, software has never been perfect.
Nor is it ever likely to be. Not only is software development insanely complex and the humans who perform it characteristically error prone, the constant flux in hardware, operating systems, runtime environments, drivers, platforms, databases, and so forth converges to make the task of software development one of humankind’s most amazing accomplishments.
But amazing isn’t enough, as Chapter 1, “The Case for Software Quality,” points out, the world needs it to be high quality, too.
Clearly, quality is not an exclusive concern of software testers. Software needs to be built the right way, with reliability, security, performance, and so forth part of the design of the system rather than a late-cycle afterthought. However, testers are on the front lines when it comes to understanding the nature of software bugs. There is little hope of a broad-based solution to software quality without testers being at the forefront of the insights, techniques, and mitigations that will make such a possibility into a reality.
There are many ways to talk about software quality and many interested audiences. This book is written for software testers and is about a specific class of bugs that I believe are more important than any other: bugs that evade all means of detection and end up in a released product.
Any company that produces software ships bugs. Why did those bugs get written? Why weren’t they found in code reviews, unit testing, static analysis, or other developer-oriented activity? Why didn’t the test automation find them? What was it about those bugs that allowed them to avoid manual testing?
What is the best way to find bugs that ship?
It is this last question that this book addresses. In Chapter 2, “The Case for Manual Testing,” I make the point that because users find these bugs while using the software, testing must also use the software to find them. For automation, unit testing, and so forth, these bugs are simply inaccessible. Automate all you want, these bugs will defy you and resurface to plague your users.
The problem is that much of the modern practice of manual testing is aimless, ad hoc, and repetitive. Downright boring, some might add. This book seeks to add guidance, technique, and organization to the process of manual testing.
In Chapter 3, “Exploratory Testing in the Small,” guidance is given to testers for the small, tactical decisions they must make with nearly every test case. They must decide which input values to apply to a specific input field or which data to provide in a file that an application consumes. Many such small decisions must be made while testing, and without guidance such decisions often go unanalyzed and are suboptimal. Is the integer 4 better than the integer 400 when you have to enter a number into a text box? Do I apply a string of length 32 or 256? There are indeed reasons to select one over the other, depending on the context of the software that will process that input. Given that testers make hundreds of such small decisions every day, good guidance is crucial.
In Chapter 4, “Exploratory Testing in the Large,” guidance is given for broader, strategic concerns of test plan development and test design. These techniques are based on a concept of tours, generalized testing advice that guides testers through the paths of an application like a tour guide leads a tourist through the landmarks of a big city. Exploration does not have to be random or ad hoc, and this book documents what many Microsoft and Google testers now use on a daily basis. Tours such as the landmark tour and the intellectual’s tour are part of the standard vocabulary of our manual testers. Certainly, test techniques have been called “tours” before, but the treatment of the entire tourist metaphor for software testing and the large-scale application of the metaphor to test real shipping applications makes its first appearance in this book.
Testing in the large also means guidance to create entire test strategies. For example, how do we create a set of test cases that give good feature coverage? How do we decide whether to include multiple feature usage in a single test case? How do we create an entire suite of test cases that makes the software work as hard as possible and thus find as many important bugs as possible? These are overarching issues of test case design and test suite quality that have to be addressed.
In Chapter 5, “Hybrid Exploratory Testing Techniques,” the concept of tours is taken a step further by combining exploratory testing with traditional script or scenario-based testing. We discuss ways to modified end-to-end scenarios, test scripts, or user stories to inject variation and increase the bug-finding potential of traditionally static testing techniques.
In Chapter 6, “Exploratory Testing in Practice,” five guest writers from various product groups at Microsoft provide their experience reports from the touring techniques. These authors and their teams applied the tours to real software in real shipping situations and document how they used the tours, modified the tours, and even created their own. This is the first-hand account of real testers who ship important, mission-critical software.
Finally, I end the book with two chapters aimed at wrapping up the information from earlier chapters. In Chapter 7, “Touring and Testing’s Primary Pain Points,” I describe what I see as the hardest problems in testing and how purposeful exploratory testing fits into the broader solutions. In Chapter 8, “The Future of Software Testing,” I look further ahead and talk about how technologies such as virtualization, visualization, and even video games will change the face of testing over the next few years. The appendixes include my take on having a successful testing career and assemble some of my more popular past writings (with new annotations added), some of which are no longer available in any other form.
I hope you enjoy reading this book as much as I enjoyed writing it.
© Copyright Pearson Education. All rights reserved.