Update Summer 2022
Some links have been moved, hidden behind memberships/payment (for good reasons because they're awesome, just to be clear!) or even become obsolete due to technology shifts. If someone who's more active within testing these days would like to take over this endeavour; just go ahead and pick the contents here; no need for attribution etc.With that said, the vast majority below is still available, relevant, helpful and valuable to testers, it's just that's it's not updated with the latest and greatest anymore.
Intro
This post is an attempt to gather the various tools, tips and sources I've found useful to improve my ability to generate test ideas.Notice that the various concepts described are huge and I will only briefly describe them in this post, it's up to you to learn more and put them into practice. A good start would be to check out the many articles I've linked to.
To developers
Important! The techniques and sources I will describe are just as useful when developing, example:
"This will create a separate log file, what do I need to take into consideration when that file is created..."
If you want to develop high quality software, learn the fundamentals of test design!
Common product risks
Risk catalogsRisk catalogs are lists of generic risks (things to test) in common components/functions.
You will of course need to judge what's relevant in your context and risk catalogs aren't flexible the way actual thinking techniques are but they are still incredibly useful:
- You're not done yet, by Michael Hunter
- A risk catalog for mobile applications, by Ajay Kumar Jha
- Checklist mobile app testing, from TMAP Next
- Several testing checklists, from FYI Center
- Web application testing checklist, by Guru99
- Several mindmaps hosted by TestInsane, by various contributors
- Ready-made 50 Bugs / Test Ideas, by Santhosh Tuppad
- How to test upload features, by Jyothi Rangaiah
- Installation testing, by Jyothi Rangaiah
- Un-installation testing, by Jyothi Rangaiah
- Audio accessibility tests, by Mohit Rajan Verma
- E-mail related tests for web applications, by Santhosh Tuppad
- Testing deactivate account feature, by TestManiac
- Mobile Apps Testing - I SLICED UP FUN - By Jonathan Kohl, by Pranav KS
- Google Play Submission - Human Interface Guidelines, by Prashant Hegde
- Install Risk Catalog (search for "Install Risk Catalog"), by James Bach and Michael Bolton
- Bug taxonomies: Use them to generate better tests, by Giri Vijayaraghavan and Cem Kaner
- Bugs in your shopping cart: A taxonomy, by Giri Vijayaraghavan and Cem Kaner
- Test ideas for a login screen, by Software Testing Club
- Login testing ideas, by Darren McMillan
- OWASP Top 10, by OWASP
- Secure coding practices, quick reference guide, by OWASP
- Test checklist, by OWASP
- Usability guidelines, by HHS
- Usability checklist, by Stay in Tech
- Localization testing checklist, by Hanna Golota
- Performance testing checklist, by SmartBear and Ministry of Testing
Quality characteristics
Quality characteristics, also known as quality criteria or quality attributes, are an attempt to break down quality into meaningful/helpful categories. When generating test ideas these categories help us see the product from different angles.
Generic risks
Some aspects are (almost) always worth taking into consideration when assessing risk e.g. "is this new functionality?" or "does this module have a history of being buggy?". I can't say this information helps me generate new and creative test ideas but it helps me focus my effort on risky areas thus still relevant.
Quality characteristics, also known as quality criteria or quality attributes, are an attempt to break down quality into meaningful/helpful categories. When generating test ideas these categories help us see the product from different angles.
- Software quality characteristics, by Rikard Edgren, Henrik Emilsson and Martin Jansson
- More than one answer; More than one question, by Michael Bolton
- Using quality characteristics, by Rikard Edgren, Henrik Emilsson and Martin Jansson
- Translations of quality characteristics hosted by thetesteye, by various contributors
- Heuristic test strategy model, by James Bach
- Charisma testing, by Rikard Edgren
- Inside the capability characteristic, by Rikard Edgren
- Intertwined SFDPOT & CRUCSPIC STMP, by Rikard Edgren
Generic risks
Some aspects are (almost) always worth taking into consideration when assessing risk e.g. "is this new functionality?" or "does this module have a history of being buggy?". I can't say this information helps me generate new and creative test ideas but it helps me focus my effort on risky areas thus still relevant.
- Heuristic risk-based testing, by James Bach
- Functional testing heuristics, by Joris Meerts
- Generic software project risks, by Construx
Test techniques
Test techniques are sort of "compressed tester mindset". The set of 9 techniques defined in the heuristic test strategy model is my personal favorite but there are many different sets out there.Notice that each technique is way too broad to cover in this blog post but if you want to "learn to think like a tester" I urge you to learn more about and practice them!
Function Testing
Identify and test each function individually.
I prefer to begin with creating a list or mind map of all functions I can identify in whatever I'm about to test. A function in this case is anything the application can do e.g. save a log message, identify that a new version is available or show an error message. To do this, touring is a useful practice described in the links below.
When you've identified the functions, focus on each one individually, example:
"How can delete entry be tested? Successful delete, try to delete an already deleted entry, try to delete when lacking access, stack deletes of the same entry, lose connection to data source when deleting, modified delete request (e.g. SQL injection), potential timing issues, delete different entries in rapid succession, ..."
- BBST Test design (page 46 and forward), by Cem Kaner and Rebecca L. Fiedler
- Heuristic test strategy model, by James Bach
- Touring heuristic, by Michael Kelly
- Lessons learned in software testing (book), by Pettichord, Kaner, and Bach
Identify the input and output data in the application then look at which of the possible values/combinations of values you should test.
After identifying the variable (input or output) to test, you first group the possible values into equivalence classes. The idea is any of the values within each equivalence class should in theory behave the same. The next step is to select one or more values from each class to test. To do this you for instance look at boundary values, high risk values or realistic values. Finally when several variables need to be combined (such as in a typical form) there are various combinatorial techniques to help you find an efficient way (as few tests as possible) to actually combine these values into individual tests with the level of coverage you're aiming for.
Notice! When reading about domain testing you might get intimidated by all the paper work involved: "I don't have time to do all that for a simple form...". For me the detailed analysis on paper is sometimes useful, especially to practice my domain testing skills, but generally I just keep the various techniques related to partitioning (creating and grouping values into equivalence classes) and value selection in my head and apply them "on the fly". Still: I do urge you to sit down and create e.g. a detailed boundary/equivalence table at least a few times because it's key to actually understand domain testing.
For the combinatorial analysis: Remember there are excellent tools!
- An introduction to the theory and practice of domain testing, by Cem Kaner
- BBST Test design (page 362 and forward), by Cem Kaner and Rebecca L. Fiedler
- Examples of domain testing, by Cem Kaner
- Lessons learned in software testing (book), by Pettichord, Kaner, and Bach
Identify various bottlenecks, input that can be sent in huge volumes or that require more computing power than usual, dependencies, communication to external systems etc. and ask yourself how these could become a problem for the application (e.g. flooding of requests, dependencies lacking, slow connections/timeouts/lost packages). Also look into the system's ability to restore itself after collapsing (e.g. will the system come back up after a database crash).
Do notice that stress testing often refers to testing the behavior when actually going beyond a system's breaking point. This is important since if you search for "stress testing" you'll mostly find just a subset of what the test technique "stress testing" is suppose to cover. Try also searching for e.g. "robustness testing", "load testing" and "performance testing".
- Heuristic test strategy model, by James Bach
- Performance vs. load vs. stress testing, by Grig Gheorghiu
- Performance testing guidance for web applications, by Microsoft
- Web load testing for dummies, by Scott Barber and Colin Mason
- Context appropriate performance testing, by Scott Barber
Testers often reset environments between tests, especially if using test cases, by e.g. closing the application or only focusing on one step in a long flow. The problem: Users don't. The test technique flow testing is thus about focusing on what will happen when a continuous chain of events occur. One way is to actually identify a long, realistic flow (e.g. a "buy, cancel, refund" cycle in a web shop) and test this, another is to not reset between tests (e.g. not close the application or reset data for several days while testing).
- Go with the flow, by Michael Bolton
- Heuristic test strategy model, by James Bach
Scenario testing is, unsurprisingly, about creating a scenario and test this scenario. One important benefit with scenario testing is it can identify gaps in the implementation that other techniques generally don't, as they focus on what has actually been implemented.
- An introduction to scenario testing, by Cem Kaner
- Soap opera testing, by Hans Buwalda
- Scenario testing from CAST 2010, by Cem Kaner
- Heuristic test strategy model, by James Bach
Claims Testing
Also known as "specification-based testing". The idea is to identify the claims made about the product and check if they are actually true. Claims can come from a variety of sources e.g. specifications, requirements, manuals, various in-app help sources, public statements or the EULA.
- The power of claims testing, by Darren McMillan
- Claims testing, by Parimala Hariprasad
- Mindmap - Claims, by Parimala Hariprasad
- Mindmap - Claims, by Albert Gareev
- BBST Test design (page 89 and forward), by Cem Kaner and Rebecca L. Fiedler
User Testing
User testing is about asking yourself "how can I use users to improve my testing":
- A user attempts to complete various tasks in the application and walks you (the tester) through how she/he is reasoning. The tester's job is to identify problems the user runs into e.g. not understanding certain parts of the navigation.
- Use user data to drive the testing e.g. "the most items a user has ever ordered is 104 and in our tests we never order more than 20, we should increase that amount".
- Personas and other tools helping you "simulate" a user can be used when testing, example:
"Looking at this from the perspective of 'Nancy, the power user', I realize we lack keyboard shortcuts in much of our application"
Do notice that user testing often refers only to the first bullet above. This is important since if you search for "user testing" you'll mostly find just a subset of what the test technique "user testing" is suppose to cover. Try also searching for e.g. "personas", "ux testing" and "usability testing".
- 13 ways to master UX testing for your startup, by Jamie Tolentino
- Don't make me think (book), by Steve Krug
- 5 types of usability tests, by Jeff Sauro
- Usability evaluation methods, by HHS
- BBST Test design (page 95 and forward), by Cem Kaner and Rebecca L. Fiedler
- How many test users in a usability study?, by Jacob Nielsen
Identify risks and design tests to cover each one of them.
These risks can either be identified:
... inside-out (ask: what could go wrong here?), example:
"We now allow users to delete their private messages, how could that be a problem? Well what if a user could potentially delete another user's messages? How can we test if that's possible to do?"
... or outside-in (apply common risks to the product), example:
By using Michael Hunter's "You're not done yet" I realize saving the configuration to a read-only folder could be a problem.
The chapter "Common product risks" includes tons of sources useful when applying the outside-in approach to identify risks.
Notice that "risk-based testing" (prioritize testing that's considered the greatest risk first) is not the same as the test technique "risk testing", but will be your most common result in a web search. However, articles about risk-based testing typically covers tools and techniques to identify and prioritize risks making them useful anyhow; just be aware of the difference.
- Heuristic risk-based testing, by James Bach
- Heuristic test strategy model, by James Bach
- Lessons learned in software testing (book), by Pettichord, Kaner, and Bach
How can you use tools you know about to improve your testing?
Do not confuse this with "automation", "automatic checking", "automated testing" or whichever term you prefer, which is a way to actually execute the ideas identified and not a test technique itself; even though unfortunately sometimes used as some sort of technique.
- Heuristic test strategy model, by James Bach
Other useful resources about test techniques
- What is a good test case, by Cem Kaner
More information about some of the test techniques above as well as some additional techniques.
- Lessons learned in software testing (book), by Pettichord, Kaner, and Bach
The chapter about test techniques is available online as PDF as part of the BBST course. I very much recommend you to get the rest of the book as well.
- BBST Test design, by Cem Kaner and Rebecca L. Fiedler
BBST presents a broad set of test techniques. Highly recommended reading in general and for test design in particular.
Critical and lateral thinking
Everything else in this article is more or less applications of critical thinking and supported by lateral thinking. They're thus the most abstract but generally applicable concepts I will describe.
Definition:
"The objective analysis and evaluation of an issue in order to form a judgement"
Oxford Dictionaries
Compare this to e.g. James Bach's definitions of software testing:
"Questioning a product in order to evaluate it"
... any similarities?
A more in depth definition of critical thinking has been made by The Critical Thinking Community.
When developing software we make massive amounts of assumptions, simply to save time, example:
This framework will prevent..., this is what users want, this is the simplest way to...
Critical thinking is essentially the skill needed to identify these assumptions.
Learning:
- Critical thinking for testers, by Michael Bolton
- 30 Days to Better Thinking and Better Living Through Critical Thinking (book), by Elder and Paul
- How to study and learn (part one), by The Critical Thinking Community
- Active Learning Strategies to Promote Critical Thinking, by NCBI
- [Module C] Critical thinking, by The University of Hong Kong
- Critical Thinking Skills: What are They and How Do I Get Them?, by Winston Sieck
- Critical thinking, from Wikipedia
I would love some more (and better) sources on critical thinking, so please drop a comment with your suggestions!
Lateral thinking
Lateral thinking is simply put the skill to think outside the box.
Definition:
"The solving of problems by an indirect and creative approach, typically through viewing the problem in a new and unusual light. Contrasted with vertical thinking."
Oxford Dictionaries
Reading material:
- Lateral thinking (book), by Edward de Bono
- How to Apply Lateral Thinking to Your Creative Work, by Shane Snow
- Lateral thinking, from Wikipedia
Exercises:
- Lateral tester exercises, by Rikard Edgren
- What can you do with a brick?, by Rob Lambert
- Search for "lateral thinking puzzles", from Google
Domain knowledge
To be able to form any test you first need to, at least on a conceptual level, understand the product and its context.I for instance like to think I'm pretty skilled with test techniques, that my critical and lateral thinking skills are decent and that I know how to get some good value out of tools such as risk catalogs. Still, when new to a product I'm not very effective until I've actually learned the product.
Stuff you can do to quicken the learning of a new application and its context:
- Ask for a demonstration
- Look through available documentation (start with documentation intended for customers)
- Make a visual model of the application, enhance the model as you learn more
- Tour the application
- Ask for help to make a SFDIPOT analysis of the application
- Learn about and try out the tech the application relies on
- Speak with stakeholders to learn about e.g. the application's purpose and customers
- Start somewhere and slowly work your way outwards, to avoid getting overwhelmed
- Observe users, using the application
- Pair up with developers, testers and others working with the application
- Ask questions... lots of questions
- Look into, and apply, various learning techniques (search for "learning techniques")
- Learn about relevant laws, regulations, standards, certifications and business practices
- Speak with domain experts, sales people and customer service
- Look at test documentation available for the application
Other tools
Test framing
Test framing is about being aware of what you're testing and why, or, as Michael Bolton describes it in the link below: "link each testing activity with the testing mission". I find this useful to practice as the awareness, in my experience, improves my ability to see potential risks, better focus on relevant test design and it actively challenge my critical thinking skills.- Test Framing, by Michael Bolton
Opposites
When you have a few ideas to test it's sometimes useful to look at those and ask:
What's the complete opposite of these ideas and could that potentially be a concern too?
What's the complete opposite of these ideas and could that potentially be a concern too?
Examples:
What happens when several entries fit a delete condition?
Opposite: What happens when no entries fit a delete condition?
What if the network has limited speed, delaying requests?
Opposite: What happens when no entries fit a delete condition?
What if the network has limited speed, delaying requests?
Opposite: What happens if the network floods the application with requests?
How will a user with limited computer skills approach this?
Opposite: How will a tech-savvy user approach this?
Opposite: How will a tech-savvy user approach this?
- Exploratory testing dynamics, by James Bach, Jonathan Bach, and Michael Bolton
See "Exploratory Testing Polarities", page 4
Great additional sources
This is a collection of great test idea articles I've used for this article and/or when generating test ideas that just didn't fit into any of the other chapters:
- 37 Sources for Test Ideas, by Rikard Edgren, Martin Jansson and Henrik Emilsson
- How to generate test ideas, by SmartBear and Ministry of Testing
- 10 sources of test ideas, by Rob Sabourin
- Test Heuristics Cheat Sheet, by Elisabeth Hendrickson
- OWASP Testing project, by OWASP
- Test idea triggers, by Rikard Edgren
- Superhero Personas, by Andreas Cederholm
Please help me improve this
Initially this was intended as "just another blog post" but it sort of took a life of its own and became a pretty big reference page. I always appreciate comments but since I expect people to assume this is "the truth" more than usual, I will appreciate corrections and suggestions even more!
Really Nice Post and Worthy reading. Thanks for sharing these kind of Ideas.
ReplyDeleteReally great collection of test ideas! I'm certainly not the only one who will find this useful when it's one of those days :)
ReplyDeleteGood post..
ReplyDeleteCurrently this "Install Risk Catalog, RST Appendices (page 93), by James Bach and Michael Bolton" is found from page 77, but maybe to ease the article maintenance, you might want to refer in your article to look up current pdf page from the Table of Contents. But hey, 2½ years later still excellent post!
ReplyDeleteCorrected. Now instructs the reader to search for "Install Risk Catalog".
DeleteThanks for the correction, suggestion and kind words!
Thaanks for this
ReplyDelete