[Bitesize Blog] What Agile is Not!

Disclaimer: I am not an expert in Agile, but after working for 9 years in the IT industry, I have some understanding of good vs. bad agile.

You can have your own definition of Agile, as long as it respects the principles of the Agile Manifesto. There are a million ways to define Agile. For today, let’s just focus on ‘What Agile is Not’.

  • Agile is not an excuse to replace documentation.
  • Agile does not mean that you don’t need planning.
  • Agile is not a fancy word for iteration of mini waterfall.
  • Agile does not mean building non-functional increments.
  • It does not mean zero planning for architecture design.
  • Agile is not an excuse for poor quality.
  • It’s not a reason to skip exploratory testing. I cannot stress this enough.

Tell me what you think Agile is or not.

A short-story about testing skills ruining a hack attempt

I was thinking yesterday about how test engineering, or any other type of engineering, helps to make people’s lives easier, because in the end it is all about humans. No?

When you want to know how things really work, study them when they’re coming apart. – William Gibson, Zero History

And then I remembered a story from my own life.

This is a true story from three years back. One fine evening after work I was chatting with my husband, and during the conversation he said that he had received an email from his bank saying that someone had attempted to hack his account and advising him to change his banking details (basically, reset his password).

The whole thing sounded like a hack attempt, and I asked him to show me the email.

The email looked fine. The branding was intact, and most people would not catch anything wrong with it. Clicking the image in the email took me to a page with the same branding as the bank’s, though the first thing I noticed was the URL. The link had the bank’s name in it, but there was extra text appended to it. That was the first alarm.

Second alarm: the URL was not HTTPS.

I asked my husband to log into the bank’s official website (typing the URL into the browser) and observed the requests the browser made on form submission. The requests made when the form was submitted did not send any form data in the request, such as a POST body.

Next Step.

I went to the link that came as part of the email. It had two forms. The first collected personal details, and the second collected bank account details along with a change-password field. The third alarm was that form data was being sent with the first form: I was able to see the data in the requests.

How does form data look? Let’s say you have an HTML form with two input fields, Username and Password, and a Login button to submit the form. It looks like the image below.

[Image: login form]

When you click the Login button, if form data is being sent, you will see FormData as part of your POST request, shown as key/value pairs.

[Image: how FormData looks in the network request]

I did not submit the second form, because your bank NEVER asks for card details, PIN, password etc., and it looked like someone was making a phishing attempt.
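The three alarms from the story (brand name in the host but a different domain, no HTTPS, and a form that asks for PIN/password/account details) can be turned into a small defender-side check. The following is an added example, not code from the original post; the bank domain, the sensitive field names and the sample phishing page are all constructed, and the registrable-domain check is a simplification (a real tool would use the public suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed legitimate bank domain and brand name (constructed for this example).
LEGIT_DOMAIN = "examplebank.com"
BRAND = "examplebank"
# Field names a bank never asks for through an emailed link (constructed list).
SENSITIVE_FIELDS = {"pin", "card_number", "cvv", "password", "new_password", "account_number"}


def url_alarms(url, legit_domain=LEGIT_DOMAIN, brand=BRAND):
    """Return the list of alarms raised by a link, in the order of the story."""
    alarms = []
    parts = urlparse(url)
    host = parts.hostname or ""          # urlparse lowercases the hostname for us
    if parts.scheme != "https":
        alarms.append("scheme is not https")
    if "@" in parts.netloc:
        # Everything before '@' is userinfo, not the host; a classic way to smuggle a brand name in.
        alarms.append("'@' in authority: the real host is what follows it")
    # Simplified registrable-domain check: the host must be the bank's domain or a subdomain of it.
    if host != legit_domain and not host.endswith("." + legit_domain):
        if brand in host:
            alarms.append("brand name in host but domain is not the bank's")
        else:
            alarms.append("host is not the bank's domain")
    return alarms


class FormScanner(HTMLParser):
    """Collect each <form>'s action and the names of its <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            self._current["fields"].append(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def form_alarms(html):
    """Flag forms that ask for sensitive data or post to a suspicious URL."""
    scanner = FormScanner()
    scanner.feed(html)
    alarms = []
    for i, form in enumerate(scanner.forms, 1):
        sensitive = sorted(set(form["fields"]) & SENSITIVE_FIELDS)
        if sensitive:
            alarms.append(f"form {i} asks for {', '.join(sensitive)}")
        if form["action"]:
            alarms.extend(f"form {i} action: {a}" for a in url_alarms(form["action"]))
    return alarms


# Constructed sample: the link from the email and the two-form page it led to.
PHISHING_URL = "http://examplebank.com.account-verify.example/reset"
PHISHING_PAGE = """
<html><body>
<form action="http://examplebank.com.account-verify.example/step1" method="post">
  <input name="full_name"><input name="email"><input type="submit">
</form>
<form action="http://examplebank.com.account-verify.example/step2" method="post">
  <input name="account_number"><input name="pin"><input name="new_password">
</form>
</body></html>
"""

if __name__ == "__main__":
    print("link:", url_alarms(PHISHING_URL))
    for alarm in form_alarms(PHISHING_PAGE):
        print("page:", alarm)
```

The second form trips the "bank never asks for this" rule on its own; the first form is flagged only because of where it posts, which matches the story's third alarm of a form that sends data to a non-bank host.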

What is Phishing?

Phishing is a fraudulent attempt to steal sensitive personal information, such as your username, passwords or banking details. Attackers often use phishing to distribute malware as well.

Phishing deceives users and exploits weaknesses in your website’s security. Attackers send emails containing a link to a fake site in order to capture sensitive data, and the branding of the organisation (such as your bank) is used to deceive users. Other techniques are also used for phishing attacks, such as voice and SMS phishing.

Was it a hack attempt?

Yes, it was. A few days later, we heard the news that several other people who had salary accounts at the same bank lost money because their accounts were hacked.

Takeaway

Think about ways how you can use the things you learn every day for good. No knowledge is ever wasted.

If I had not known about OWASP and how attackers use social engineering to steal information, I would never have caught this.

Do you have any similar story to tell along the same lines?

Watching Tests with JUnit

Well, I don’t mean watching tests with a cup of tea while they run. That would actually be a waste of time. I mean automating the watching process so it happens automatically.

Why should I?

This is a very important question. ‘Why’ is the secret ingredient of a curious soul. Enough philosophy. We do need to understand, though, why we might want to do things like watching our tests.

There can be many scenarios. One is that you need to perform some extra action depending on the test result status. That extra action could be sending the test result status to an external API, exporting a log file to a specific location, preparing a text file with the failing tests’ names and re-running those tests using that file as input, or perhaps sending your test result status to an API that sends cake to your pro-fitness team, so the more failures, the more cake your team eats, which becomes a driving factor for not letting the build fail. You get the drill.

How do I achieve it?

I am sure every test framework has something to handle this, and I will leave it to you to explore it for your specific needs.

Let’s explore an example with JUnit, a popular unit testing framework in Java. In JUnit 4 we can define Rules, which intercept test execution and perform tasks defined by you. Rule fields need to be annotated with the @Rule annotation. For example, you can have a field that defines behaviour in case of test failure, completion etc., and annotate that field with @Rule so the rule is applied to every test in one particular test class execution.

Example scenario: if you have used BrowserStack for your test execution, you might know that BrowserStack comes with REST APIs that can be used for different purposes, for instance to update the test name after the test is complete.

To achieve this, you can have a TestRule field that creates an object from TestWatcher and overrides its methods. For our scenario, we can @Override the finished method and change its behaviour so that every time a test method completes, the session in BrowserStack is renamed to the corresponding test method name. See the gist for the code.


import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;

import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestRule;
import org.junit.rules.TestWatcher;
import org.junit.runner.Description;

public class DemoTestWatcher {

    @Before
    public void setUp() {
        // Do something before each test
    }

    @After
    public void tearDown() {
        // Do something after each test
    }

    @Test
    public void firstTest() {
        // Run this test on BrowserStack, which attaches a session id to the execution.
        // That session is then renamed by the TestWatcher rule below.
    }

    @Test
    public void failTest() {
        // Deliberately failing test, so the failed() callback of the rule is exercised.
        Assert.fail("intentional failure to demonstrate the rule");
    }

    @Rule
    public TestRule testRule = new TestWatcher() {
        @Override
        protected void succeeded(Description description) {
            System.out.println("Test passed: " + description.getMethodName());
        }

        @Override
        protected void failed(Throwable e, Description description) {
            System.out.println("Test failed: " + description.getMethodName());
        }

        @Override
        protected void finished(Description description) {
            // Runs after every test, whether it passed or failed
            try {
                changeSessionIdToTestName(description);
            } catch (IOException | URISyntaxException e) {
                e.printStackTrace();
            }
        }
    };

    /**
     * Update the BrowserStack session name to the test method name
     * after test execution is finished.
     * USERNAME, ACCESSKEY and SESSION_ID are placeholders: read the credentials
     * from configuration rather than hard-coding them in source, and take the
     * session id from the WebDriver session of the running test.
     * @param description the JUnit description of the finished test
     */
    private void changeSessionIdToTestName(Description description) throws IOException, URISyntaxException {
        URI uri = new URI("https://USERNAME:ACCESSKEY@api.browserstack.com/automate/sessions/SESSION_ID.json");
        HttpPut putRequest = new HttpPut(uri);
        ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
        nameValuePairs.add(new BasicNameValuePair("name", description.getMethodName()));
        putRequest.setEntity(new UrlEncodedFormEntity(nameValuePairs));
        // Close the client and the response so connections are not leaked across tests
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            client.execute(putRequest).close();
        }
    }
}

Similarly, other methods from TestWatcher can be overridden.

Conclusion

Overall, this is a very convenient way to perform an action based on a particular test result, and it makes doing so much smoother. TestWatcher sits silently and watches test execution without interfering with it.