The other day I took a small break from a task at hand at the office and came across an interesting discussion around Artificial Intelligence and what it should actually be called on the Ministry of Testing Slack channel. While I enjoyed the discussion, it softly drifted towards the use of correct or relevant terminologies while we communicate. While there was an emphasis on the use of correct terms while communicating, there was also a valid concern over audience or listeners pulling things down over minute unintended terminology errors or grammar mistakes. I could relate to both sides of the coin as far as the use of correct testing terminologies is concerned and thought of adding my understanding on it.
Fast forward a few hours and we all (participants in that discussion) had enjoyed so many thoughts as the discussion further shifted to constructive confrontation or healthy communication.
Maciej Wyrodek (@mwyrodek) has already covered the takeaway and part of the discussion over the use of terminologies, so let me try taking it ahead. But before that, please read what he said/covered here.
I am again not going to repeat the entire discussion. So the discussion was happening about whether errors over the use of terms should be ignored, ignored temporarily, confronted politely or taken down (no one supports this, I believe). It was around both the Yes/No and the How part.
- James Sheasby Thomas offered this excellent summary:
“I think that if a discrete group of people are using the same problematic term as a proxy for the same concept, having previously acknowledged that the term itself is problematic/reductionist, then they should be free to use a said term as a shortcut for what they mean. However, if there is some disagreement about the true meaning or concern that third parties may take the term literally or not know the true meaning, then I think it’s important to spend time discussing the naming of concepts.”
- My thought on the topic:
“Whenever a certain terminology or naming seems to cause harm to a craft, in near or distant future, the healthy debate should happen over it (in a healthy way of course and possibly on a side track to make sure original discussion agenda is not gone and speaker/presenter is not getting negative vibes). Again and again, till the time maximum people take a note of it, understand the intent behind it and adapt to it (hopefully, ideal thing).” *Edited to club multiple thoughts in one para
- @Paulhaulland further added:
“The approach I tend to use when people around me use “sloppy” terminology (or any terminology I disagree with like SQA, Best Practices, Automated Testing, etc.) is to replace their terminology with what I feel is better terminology (Testers, Good practices in this context, automated checking, etc.).
If their use of their terms continues then I will talk to them alone and let them know why I disagree with the terms they are using.
I have found when using this approach at conferences and at my current company that the suggested changes have been very well received at all levels (conference speakers and attendees, and employees from the CTO & VPs, to front line devs, PMs and POs).
I often get an apology from some of the people (especially when referring to my testers as SQA)”
- Augusto Evangelisti (@gus) presented the problem with one example:
Developer X comes to our slack to clarify a problem he has with automation and asks: “Hi tester friends, I have a problem with my automated tests. When I call the API blah blah blah… …can you help me?”
a) Hi Developer X I think that you could use library Y to help you understand the results of your automated tests blah blah blah
b) Testing cannot be automated, you are talking about automated checks, please refer to <long list of blog posts>
c) Hi Developer X I think that you could use library Y to help you understand the results of your automated checks blah blah blah
While most of us will agree on Option ‘C’ here, or probably an amended version of it with a little explanation conveying the intention behind replacing ‘tests’ with ‘checks’, there may be a few going for B.
I would like to stress this part. The problem is not only the criticism or unhealthy feedback over not-so-correct terminologies; it goes all the way to unhealthy communication practices and the usual internet/social trolls.
- During the discussion, Gus shared his not-so-positive experience during talks where he unintentionally used ‘tests’ over ‘checks’ and the reaction ranged from hijacking the Q&A section to debate the difference between the two and further down.
- @mwyrodek shared his experience of how people will focus on grammar mistakes ignoring the core content at hand and criticise.
- My experience (which I didn’t get a chance to share there) is no different. I wrote a very popular guest post on softwaretestinghelp.com, and while many loved and appreciated it, there was one who found time to say that there is a grammatical mistake and the content seems to be suitable only for the Indian audience. In another experience, when I started blogging, and I think it was the very first post of mine, which I happened to share mistakenly in one Automation-related LinkedIn group, there was someone (don’t bother to remember who) who was quick to take me down like it was a big mistake.
So the point is, why do we as human beings become so impatient while listening to others, facing something we are not convinced about or something which doesn’t please us? No one knows the single answer to this probably, but similar to how our discussion ended there, below can be the takeaways (mixed with content from the discussion and thoughts currently in my mind):
- We all can be a little more patient, polite and aware while we listen, read or face someone’s work/words. Responding over Reacting.
- @mwyrodek shared this wonderful piece. Do read it if you want to improve on constructive confrontation.
- Michael Bolton rightly highlighted the importance of accepting the vulnerability we as human beings have and that we should stay aware of it all the time. It helps others form the right (or better) understanding of us/our words. Here he goes:
“As testers, it’s important for us to remember that lots of trivial bugs begin with typos. The _devastating_ bugs begin with misunderstanding. Peace.” He further added- “No matter what it looks like, everyone is trying to be helpful.”
- Martin Hynie (@vds4) says:
“Language is an abstraction… accept the artistry of how others choose to paint their thoughts using words. It may allow you to model your own thoughts with a new set of eyes.”
- We all should (hopefully) agree and stay aware all the time that we are always learning how to communicate right. We are all human and we can make mistakes. Practicing shall improve us.
I hope this documentation of one interesting discussion I had, and a few additions to it, will help in some way.
Loved discussing and loved MoT for giving such an awesome platform to all the testers. Cheers!!!
Note: If there are any typos or errors in framing others’ opinions in words, please let me know. Needless to say, in healthy words :p
Super excited to share with you all the start of our initiative we talked about before (read here http://bit.ly/2Dt7PKc).
Please show some love and follow us on Twitter at:
* The Test Tribe | https://twitter.com/the_test_tribe
* Mumbai Testers | https://twitter.com/mumbai_ttt
Dear #Testers, we will always need your support on this journey more than anything else. Our road-map for both initiatives is shared on individual Twitter handles. Please spend some time to go through it.
Still, to summarize again, we will be focusing more on helping #testers through collaboration & getting together. The reason being, we believe there already is huge content available online, thanks to the superb work done by the #Testing #Community already. We believe that testers (particularly in this part of the world) need more in-person coaching and engagement than anything else to grow 360 degrees.
Good news for #Mumbai based testers: Even though we will try contributing to both initiatives, we will have a special focus on helping #testers in and around Mumbai for quite some time.
Much more to come. Stay Tuned.
#Testing #SoftwareTesting #Community #Mumbai #Testers #TheTestTribe #MumbaiTesters #2018 #StayTuned
Continuing with sharing my further experience around my Ethical Hacking learning journey.
I was occupied with quite a few things on the personal front recently, hence couldn’t go with the speed I wanted, but could juice out some productivity in the form of some reading and some practical exercises.
On the practical side, I tried RCE on a few Bugcrowd program sites though couldn’t succeed yet 😐 Also, the learning and discussions journey continued with the awesome Santhosh Tuppad. So recently he gave me around ten exercises to crack. Let’s see how I approached them one by one.
In the first exercise, I was supposed to crack the username and password of a dummy login page. The hint was left in the source code that the Base64-encoded value of the username is the password. I guess the agenda was to get the learner familiar with the encoding thing and to check whether he/she is checking the source code for hints. It took me a minute or so to use an online encoder to get the expected password value. However, due to some technical glitch in the dummy exercise application, it was not letting me get through (the error was genuine, so it looked like expected working where access was denied).
Hence, even though my answer was right, I felt that it was not and kept on searching and trying new things. This technical glitch pushed me for days where I kept on trying different things to crack through. Below are a few things I tried; I know some of them are silly, but I tried them anyway.
- Admin as username and password as many sites actually have such password for admin panels
- UserName as username and password, pwd as password (Hint from source code)
- admin / admin123 as username and password (again from past experience and usual username-password patterns)
- santhoshtuppad as username and password
- santhoshtuppad as username and c2FudGhvc2h0dXBwYWQ= as password (The Correct answer, which I got to know only after trying everything)
- comment as password (Hint from source code)
- value of comment encoded in Base 64 as password (Hint from source code)
- empty username, password
- single space as username and password
- Enabled token ID field on UI and tried SQL injection, 1=1', 1=1--, 2=2--, and others (tried SQL injection on the CSRF token field by enabling it)
- Tried SQL Injection on username and password
- Used tamper data plugin to play with parameters passed
- Tampered cookie values
- Added debug points using developer tool trying to understand the flow through script
- Tried changing the method TYPE to GET from POST with same parameters and request data and executed same
- Went through integrated scripts as well
- Tried for context variations, /one/admin
- Looked for XML-RPC
- Knowing MySQL, tried few queries on mysql / information_schema, users table, etc. (as part of SQL injection)
- Tried /exercise/one/admin as well with several credentials
- Tampering the POST request
The goal was to try a dummy username and password in all the forms one by one, find out the best error message, and explain why the other error messages are not recommended.
Here are my findings:
1. The password you entered for admin is incorrect.
2. Invalid username / password
3. Wrong password.
4. The username doesn’t exist
I would put my money on message #2.
Messages 3 and 4 clearly tell me whether the particular username I am using is registered with the system or not, which narrows down my target zone. It might also violate privacy, as it tells me whether a particular user is present/registered on the system or not.
Message #1 is basically an incorrect message, as it always throws the standard message even if a user is not registered. So this, in turn, might confuse the registered user.
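The difference between messages 3 and 4 and message 2, shown as an added example (not code from the exercise application): one login handler whose replies reveal whether an account exists, one that gives the same reply for every failure, and the check a tester can run against either. The user store, function names and sample credentials are constructed; the dummy-hash step goes beyond the text by also making unknown usernames cost the same hashing work as known ones.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed sample user store (assumption): username -> (salt, password hash)
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash("correct horse", _SALT))}

# Dummy record so an unknown username still triggers one full hash computation.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)

GENERIC_ERROR = "Invalid username / password"  # message 2 from the list


def login_leaky(username: str, password: str) -> str:
    """Messages 3 and 4: the reply reveals whether the account exists."""
    if username not in USERS:
        return "The username doesn't exist"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Wrong password."
    return "OK"


def login_uniform(username: str, password: str) -> str:
    """Message 2: one reply for every failure, same work on both paths."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    password_ok = hmac.compare_digest(_hash(password, salt), stored)
    # The username check stops the dummy record from ever granting access.
    if username in USERS and password_ok:
        return "OK"
    return GENERIC_ERROR


def leaks_account_existence(login, known_user: str, unknown_user: str) -> bool:
    """Tester's check: do failed logins answer differently for real and fake users?"""
    wrong = "definitely-not-the-password"
    return login(known_user, wrong) != login(unknown_user, wrong)


if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        print(handler.__name__, "leaks:",
              leaks_account_existence(handler, "admin", "nobody"))
```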
If you are a leader (with a title or without a title), I am sure you must often be thinking about how to get your team together. How to juice productivity with visible vibrant energy and free-flowing passion across the team. You must be thinking of conducting some awesome team building activities, presenting (or receiving) content of great help to your entire team so that they would feel that they are learning in some way. My mind is often occupied with such thoughts. Not just because I lead a team, but because I naturally love to push people to get their best, to grow together. And of course, I equally love to learn from the people around me.
The weekly Wednesday session is one of the many initiatives my team and I took as our efforts towards making the above possible. If you do not know what our weekly Wednesday session is about, you can get a glimpse of what exactly it is here. Ok, so I am not really going to directly tell you the ‘how to’ here as the title might have conveyed, but I am surely going to share a few practical hints on ‘what can be done’. Wednesday is a fun day for us. It stays eventful and it stays productive. It acts well to burst away midweek blues, if any. However, the last few sessions were going a bit unplanned, and though we were having fun, the feeling was there that we can juice more productivity and fun if we plan it properly. Taking people together, engaging the audience is a skill. Content too has to be different.
It was time for me to take the matter in hand. I informed the team that I would be presenting throughout the session and had interesting things lined up for them. We usually meet for around two to two and a half hours every Wednesday, so I wanted to adhere to the schedule and still cover a lot of variety which I want all my team members to focus on too in future. I spent some 45 minutes putting my mind-mined stuff into a PowerPoint presentation. Here is what all was there:
- Testing Trends:
I decided to start with something related to Testing. The need and challenge of any IT professional these days is to stay up to date with what is happening in the industry. The case with us, the testers, is no different. What could have been a better choice than a quick talk around the State of Testing Survey 2017? Thanks to PractiTest and Tea-time with Testers for conducting this awesome survey with well-defined and well-directed questions. The report talks about many things, such as where the overall testing industry is heading, what tools they are using, how important it now is for testers to break the comfort zone and learn something new, how the career shifts are happening and so on. If you haven’t had a look at it yet, you can check it here.
Got this personalised hand-written pic-note and this #Instagram themed magnet note from a couple of my Squad members. They have just left/are about to leave my team to take on future goals. Such words coming from people who have nothing to do with me as far as their immediate professional growth is concerned give a much bigger sense of satisfaction and achievement than anything else. The positive impact I created on the lives of people around me will always be my favorite achievement.
#FarewellJagrati #FarewellHamza #ThankYou
Hope the post title doesn’t annoy my wife :p . It shouldn’t, I guess, as long as the love is for learning something very good.
We all face dilemmas in day-to-day life. Sometimes in personal life, sometimes in professional. In the latter category, I had been facing one for the last many months. And the worst part of being in a dilemma is that sometimes you either end up doing nothing or you do both the things. What happens then is you end up thinking about two things and end up working on two as well. This delays your achievement; this reduces or rather diverts your focus frequently. Being someone who always ends up getting a lot of new ideas on a daily basis regarding new things to learn, try and implement, it sometimes becomes very tough to select one and finish it completely.
The dilemma I am talking about was with respect to the choice of a new skillset to learn to advance professionally and to make the days count even better. It was between two things which are booming nowadays and probably are here to stay: Automation and Ethical Hacking/Security Testing. I worked on both of these and have basic or intermediate knowledge of both. Or you can say I am logically clear on both. But to implement the ideas, solve the problems or make your logic work, you also need to have in-depth technical knowledge of the task at hand; you should know how to. And putting my efforts on both things was delaying my expertise on either.
The choice was finally made as I understood my natural inclination towards the unknown. I am curious by birth, like to explore. So Ethical Hacking was definitely my thing. It’s like an endless road, you can go on and on and on. I have just started on it and will try to share my experience here as I progress. Let’s see how it goes.
It is not necessary to be from a software and networking background to learn Ethical Hacking, I think, but it will definitely help. At least it helps me when I read stories of other hackers or incidents and can understand at least 70-80% of those technically. Again, the area to test is so vast that even your preparations or pre-requisites differ according to your target. If you are going to test mobile devices, you will have to gain knowledge around that; if you are going to test web applications, your preparations shall differ, and so on. I will surely update about what exactly to do and from where to start once I reach some level.
And yes, one more important thing. Did I mention that you should be having a Mentor? It is always necessary and helps a lot with anything in life. I am not saying you should have one for everything, but there should be someone whom you look up to when you do some good work in some field. It is applicable to life in general as well. I am lucky to have a few. And guess with whose help and guidance I am learning to hack? Santhosh Tuppad. If you don’t know him already (which is rare if you are into the testing world), you should read his bio and know about his work.