Risk-Based Testing - Meet Mr. Hacker Tester!

While testing, do you ask yourself “What can go wrong here?” Do you try to imagine the worst possible scenario after breaking a feature while testing? Do you include the possible risk associated with a bug in the bug report?

If your answer to any of the above questions is YES, then you already do risk-based testing! For that matter, while testing, most testers do some form of risk analysis and risk-based testing, either knowingly or unknowingly. Doing risk-based testing has some additional benefits on top of the obvious ones. I will try to prove my point with a real-life testing experience of mine.

Once I was testing the Login page of an online auction site. The Login page had three major fields: User Type (a drop-down list box), User ID (a text box) and Password (again a text box), all of which accepted critical user input. While testing, I found that the User Type drop-down list box was accepting text input just like a combo box! In other words, I was able to type text directly into the User Type drop-down and it was accepting it as legitimate input. How would you have rated such behavior? I am not sure if any tester would consider calling this anomaly a bug at all! At least, I was not ready to log this issue into the bug tracker yet, as I was not comfortable with the severity (very low!) of this bug. So I wanted to investigate this bug further before logging it.

1. Since I was able to type inputs into the field, I tried to enter some invalid User Types into the field instead of selecting one from the drop-down menu. [FYI, there were three valid user types: Admin, Power Bidder and Lite Bidder.] I entered a valid User ID and Password and tried to log in. Thankfully, the application was robust enough (!) to pass this test and did not let me log in.

2. This time I entered a lot of characters into the drop-down text and kept testing. [All this time, I was using valid inputs in the User ID and Password fields.] However, it did not let me log in. But I kept increasing the number of characters in the input text in the User Type field. The size of my input text was now more than 35,000 characters, and bang! I got an “HTTP Error 500 - Internal server error” and the application crashed. Investigating further revealed that whenever the input text size went past 43,679 characters (with spaces), the application invariably crashed with an internal server error!

Now it was a good enough bug to be logged into the bug tracker. But there were at least a couple of important things (from a tester’s point of view) to note.

a) Although the User Type field was not supposed to accept any text input at all, it had an apparently critical upper boundary, crossing which resulted in a crash due to an internal server error.

b) Talking about risk, this might look like an innocent server-side error. But as this crash was resulting from a possible buffer overflow/overrun, the risk of a breach of system security was high. A malicious user could have injected inputs specifically designed to execute malicious code or to make the program behave in an unintended way. The risk was great considering the fact that the involved field was meant for accepting “User Types”! Just think of a scenario where a hacker could have exploited the vulnerability by logging into the system, imitating an “Admin” user! Once successfully logged in as the Admin user, anybody could have taken control of the entire site! Worse still, being an online auction site, the financial aspect of the security vulnerability was too high to be compromised with.
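As an added example (not code from the original post), here is the server-side validation that would have closed this gap: the User Type field is checked against the three values the post lists and every field is length-bounded before the request touches anything else, so an oversized or free-text value gets an HTTP 400 instead of the 500 the post describes. The handler, the length limits and the `authenticate` callback are assumptions for illustration; whatever the root cause of that 500 (the post suspects a buffer overflow but does not confirm one), the rejected input never reaches it.

```python
from typing import Callable, List, Tuple

# Allowed User Types, as given in the post; only an exact match is accepted.
VALID_USER_TYPES = frozenset({"Admin", "Power Bidder", "Lite Bidder"})
MAX_USER_TYPE_LEN = max(len(t) for t in VALID_USER_TYPES)   # 12
# Assumed upper bounds for the text boxes; legitimate values are far shorter
# than the 43,679-character input that crashed the server in the post.
MAX_USER_ID_LEN = 64
MAX_PASSWORD_LEN = 256


def validate_login(user_type: str, user_id: str, password: str) -> List[str]:
    """Return validation errors; an empty list means the request may proceed.

    Cheap length checks run first so an oversized payload is rejected before
    anything else (an allowlist lookup, a database query) has to touch it.
    """
    errors: List[str] = []
    if len(user_type) > MAX_USER_TYPE_LEN:
        errors.append("user_type too long")
    if len(user_id) > MAX_USER_ID_LEN:
        errors.append("user_id too long")
    if len(password) > MAX_PASSWORD_LEN:
        errors.append("password too long")
    # The drop-down is a closed set: free text is never a valid User Type,
    # which is exactly the assumption the client-side widget failed to enforce.
    if user_type not in VALID_USER_TYPES:
        errors.append("user_type not in allowed set")
    if not user_id:
        errors.append("user_id required")
    if not password:
        errors.append("password required")
    return errors


def handle_login(user_type: str, user_id: str, password: str,
                 authenticate: Callable[[str, str], bool]) -> Tuple[int, str]:
    """Hypothetical request handler: invalid input gets HTTP 400 and never
    reaches the backend, so the 500 seen in the post cannot be triggered
    from this field. `authenticate` is the site's credential check, passed in."""
    errors = validate_login(user_type, user_id, password)
    if errors:
        return 400, "; ".join(errors)
    if not authenticate(user_id, password):
        return 401, "invalid credentials"
    return 200, "logged in as " + user_type
```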

Look how a seemingly unimportant bug (an editable drop-down list) was in fact a serious security threat as far as risk assessment was concerned. Needless to say, it was considered a top-priority issue and was fixed soon. I wonder whether this issue would have been taken as seriously if I had posted it without the associated risk factor!

This certainly might not be the best example of a case where risk analysis had a lot to do with the fate of a bug, but I am sure some of you might also have faced a similar situation. Please feel free to share your own story regarding risk-based testing by leaving a comment.

Happy Testing…


Source: http://www.softwaretestingtricks.com/