As testers, over the past 20-30 years, we have (in my opinion) pretty much nailed how to do functional testing, yet so much time and effort is still spent debating things such as the merits of boundary value analysis, trying to create new complicated test models (just read some of the latest testing magazines), and endless discussions over automation tools and approaches etc.
I believe it is all a waste of time that could be better spent elsewhere.
The huge elephant in the room is that we have absolutely failed to make progress across the board with non-functional testing, and I mean the following:
- Performance testing
- Load testing
- Security testing
I have lost count of the testers that come through the door saying that their team only does functional tests, and other testers do performance and load.
I have lost count of the testers that cannot tell me the difference between performance and load testing (seriously).
And don't even get me started on how many know anything about security testing at all.
We have become very complacent, and it is not a good thing.
As a tester, if you do not know anything about performance, load and security testing, then for the sake of your company, your career and for the testing profession, get out there and start reading! I have sympathy for testers who are constrained in their jobs to only do functional testing if another team does non-functional testing, but a tester with any initiative will find a way to learn – on the job or otherwise. Asking for the chance to shadow or pair, or for a secondment is a great start. Just expressing an interest can open doors.
As managers, we need to play our part – push non-functional testing, get training organised where we can (it isn’t always easy, believe me!), encourage the testers to investigate, and start asking for NFRs. Non-functional requirements are like gold dust – people do not know how to define them, but without them we cannot test.
What is the point of developing a web application or a web service if the business owner cannot tell you how many people are going to need to use it concurrently, and what response times you expect? Performance and load testing can't happen if you can't measure the results against expected and acceptable outcomes.
Security is different in that you do not necessarily need a business owner to tell you that they do not want Mr or Mrs Hacker to be able to do a SQL injection! The OWASP Top 10 (https://www.owasp.org/index.php/Top_10_2013-Top_10) is a great starting point, and the more we read and understand these, the better. Creating a simple set of security tests to run before releasing to Production can and will save a lot of time, effort, money and potential embarrassment.
There is an opportunity for a new tranche of testers to start making their mark by showing that they have more strings to their bow than just functional testing and automation coding – but the question is, are we as an industry ready to encourage them?