âI want to be more technical!â
is something Iâve heard from a few testers, those Iâve spoken to at conferences, worked with, interviewed, and interacted with on Twitter. Many are concerned about not being technical enough, and that they can only be valuable and have career longevity if they are technical. What does this even mean though? It seems a little ambiguous, and one can end up lost and confused trying to learn the skills to attain some arbitrary technical status. Mark Winteringham recently did an Ask Me Anything session on technical testing where he said he views it as âdeep divingâ into a particular subject, be that code, or anything else.
Technicality Is In The Eye Of The Beholder
Technical is something of a relative term. To someone who has never used a computer, being able to switch one on and use one might seem unbelievably technical, something Mel talked about in her interview with Gem. Many people have become the go-to IT support person for their family members because they are the âtechnical oneâ, showing how technical a person is perceived to be is dependent on the perspective of the person perceiving them. To many of my friends, Iâm super technical, but to some of you, I would most certainly be less so.
In the context of testing, the use of the word technical triggers an almost immediate association with test automation, it feels almost instinctive to make that connection. When many testers say they want to be more technical, what they really mean is that they want to be involved in writing test automation or writing code, but this feels like a narrow view. Much of this can stem from the pedestal on which developers are placed. Think about the terms which are thrown around, ârockstar developersâ anyone? Someone who can code would almost always be described as technical, but that doesnât mean someone who canât, is not.
If you arenât involved in automation, this can lead to feelings of inadequacy, but there are so many other facets to being a technical tester.
Understanding How Itâs Built
In my view, understanding how an application is put together, what itâs made of, and how everything interacts, is a great place to start if you want to become more technical. You donât necessarily need to know anything about coding to be able to do this. Iâve worked with a number of fantastic technical support teams who have to have an extremely in-depth understanding of everything the product is doing in order to support their customers successfully. Maybe they arenât looking at or writing the code, but no one would ever label them as ânon-technicalâ. Â
A great place to start is to model out the application or feature you are looking at on a piece of paper or a whiteboard. By this I mean, draw out the different component parts of the system, and the types and direction of communication between them, perhaps the trust boundaries, you could even indicate where your users interact with it. It doesnât have to be a fancy architectural diagram, even a series of boxes and lines is enough to start with. If you donât know how your application hangs together, ask your developers.
These kinds of diagrams are often the basis of how technical testers identify risks, come up with tests they need to carry out, and start to think about what tools might help them. They are also used by security testers when carrying out threat modelling exercise. They are a tool I often use when interviewing new testers as I always like to see that a candidate has a good understanding of what they are working on.
Getting Under The Hood
A widely held view seems to be that âmanual testingâ = non-technical, that testers think only from the user or business perspective, and that testers navigate the front end only with no knowledge or insight into the inner workings of the application. When we click on that shiny button on the UI, we want to know what happens next, donât we? Just caring about what happens at the beginning and what we see at the end is like reading the first and last chapter of a book and assuming you know everything that happens in between.
I donât know about you, but some of the great testers I know are what could be described as âprofessionally noseyâ, as Gem Hill describes it. They have a sense of curiosity and asking questions like âHow?â, âWhat if?â and âWhy?â all the time. Itâs this that can also help lead people to build the understanding they need to become great technical testers, and as a result, much more T-shaped.
âWhy is it built like that?â
âHow does that request work?â
âWhat if that part of the system isnât there?â
Looking Beyond the UI
Once you have a model of your application, you can work out what to look at beyond the UI. Â Is an API request triggered when you click on a button on your web front end? Great! Now itâs time to go and find out what that request looks like, maybe your developers have implemented API documentation like Swagger which could help you with this. Katrina Clokie has a fantastic API and web services testing pathway to help you learn more. Danny Dainton also has a fantastic GitHub repository to help you get started with Postman for API testing. Â
From there you can continue to look at what happens to responses from API requests. It may be that data is written to a backend database, or information returned to the user via the front end. If the information returned contains errors you can investigate if and how these are represented to your users, that they are handled gracefully, and donât leak information which could be misused.
I find the key to understanding different layers of an application is by always asking âWhat next?â, âWhat happens then?â In the same way that the 5 Whyâs can help you to get to the root of a problem, âand then?â helps you trace the flow or sequence through a system. Once you know this, you can start to identify risks, come up with tests relating to those risks, and think about what tools could help you.
Sometimes this task can be made easier if your developers or architects have created sequence diagrams. Generally, these are a series of boxes and directional arrows indicating the order things happen in. If you donât currently have one you could use what you learn to try and create one.
Exploratory Testing Can Be Technical
Often, exploratory testing is associated with manual, or non-technical testers, but these associations can be misleading. Exploratory testing can be a very technical activity. Maaretâs article on Exploratory Testing an API provides some great information on exploring APIs. You can explore anything around an application, and this technique isnât limited to the UI.
A great way of making exploratory testing of web applications more technical is by using inbuilt browser tools. These are often accessed by pressing F12 in your browser and youâre presented with a whole bunch of tools to help you explore further. Alan Richardson, aka Evil Tester, has a great Technical Web Testing course which guides you through how to use these tools. He also publishes numerous videos focusing on technical testing topics including recorded exploratory testing sessions using some of these techniques.
Proxy Tools
Once you know the basic flow around your site or application, a proxy tool can give you even more detailed information. A proxy will capture the traffic flowing between your web browser and the site or service you are browsing to. You can also use proxies to capture traffic between services, or network traffic.
There are a variety of options, including:
Similarly, if you want to look at the traffic flowing around your network, you can use a tool like Wireshark. This enables you to capture packets being sent to and from a specified network interface. While the UI may not be the most intuitive, itâs an extremely powerful tool. Joe Colantonio has a great podcast episode which goes into how to get started with Wireshark.
Security Testing
Penetration testing or Security testing can be viewed as extremely technical exploratory testing. Specialised security testers and penetration testers have a significant amount of technical knowledge, and this isnât just confined to coding. They need to know, amongst other things, about networking, architecture, operating systems, and the details of vulnerabilities. A great many of them use some of the tools Iâve already mentioned.
While stepping into a new field of study, like security testing, can be a bit intimidating at first, there are many resources and communities online to help you. Open Web Application Security Project (OWASP)
OWASP is an organisation dedicated to improving the security of software. Their site contains a wealth of resources to assist beginners to get started with security.
- OWASP Top 10, a list of the most critical vulnerabilities, something which professional security testers frequently use.
- Cheat sheets
- OWASP testing guide
- Tools, like OWASP Zed Attack Proxy, to help you identify security vulnerabilities
- OWASP juice shop - a training environment to help you learn how to explore an application for different vulnerabilities.
Aside from OWASP, there are other resources which you might find useful if you have an interest in application security.
- Troy Hunt - a security researcher and speaker, has some great videos and courses, as well as his own vulnerable training site, HackYourselfFirst.org.
- Dan Billing recently did an AMA on Security Testing.
Automation
Being able to write test automation, or create tools to help you test, can be a helpful skill. If that skill is applied incorrectly, if we automate the wrong things, if we automate when we donât need to, we are setting ourselves up for failure, or at the very least a lot of hard work further down the line.
Having an understanding of where automation can add value, solve problems, support testers and the development of the application as a whole, is one of the most important skills to have relating to automation. Yet we seem to focus solely on the technical aspects. In my most recent role, this is where Iâve been involved. I donât spend my days writing automation test code. Understanding where automation adds value requires technical knowledge, of the application, of the risks, and of what automation can do to help the team maintain a high quality project.
If you are looking to improve your coding and test automation skills there is a wealth of resources to help. Ministry of Testingâs own Richard Bradshaw and Mark Winteringham have created Automation In Testing, which includes a number of online courses covering coding concepts, as well as specific languages like Java, and C#.
But I Donât Test Web Applications!
Even if the application you are testing isnât a web application or website, for example, if you are testing desktop applications, the same principles still apply. Understand the architecture, data flows, and technologies used to build the application. This will enable you to dig deeper during testing.
Defining âTechnical Enoughâ
There is no bar for what constitutes as technical enough. We know that no one can know everything there is to know about testing, technical or otherwise. Even the brightest minds in the testing and development world will admit this. Itâs likely youâll work on projects where you need to learn new technical concepts, but being technical doesnât mean you use a particular tool, or automation framework, or dictate that you automate at all. It doesnât need to mean that you wrote those tools yourself.
Non-Technical Isnât Inferior
Ultimately, labels like âTechnical,â and âNon-Technical,â can be quite unhelpful. They are full of ambiguity and end up causing people to feel bad about not meeting some imaginary standard, feeling like they arenât good enough, and like second class citizens. Instead, why not focus on developing the skills you need to test your software at a deeper level. Maybe youâll use tools, maybe youâll write tools, the absence of either doesnât indicate a lack of technical skill.
I have always labelled myself as ânot creativeâ, in that I donât think I have any artistic or creative talent. It doesnât come naturally to me. A post from Constance made me reconsider this. People with creative talent spend hours of hard work, dedication and practice to cultivate this. As Constance says, itâs not a fixed attribute. Well, neither is the state of being technical, or not. Maybe you donât have those technical skills right now, or consider yourself non-technical, but that is not a permanent state of being. Â Â
For all the technical traits that you can possess, the non-technical ones are equally as important. If the thing you are building isnât what your customers want, contains features which might not work for certain groups of users, or if your team cannot work well together, no amount of technical skills will help. Cultural and people problems can be infinitely trickier to solve than technical ones, and not enough people consider these kinds of issues when developing software. So, avoid putting people in boxes, and stop limiting yourself by labelling yourself either technical or non-technical.
References
- Why you shouldnât label team members as âtechnicalâ or ânon technicalâ - Jennifer Kim
- API and Webservices testing pathway - Katrina Clokie
- AMA - Technical Testing - Mark Winteringham
- AMA - Security Testing - Dan Billing
- Letâs Talk About Tests Baby : The Novella of Testing - Gem Hill ft Melissa Eaden
- OWASP : Threat Modelling
- Exploratory Testing An API - Maaret Pyhäjärvi
- Test Talks - Joe Colantonio
- Automation In Testing - Richard Bradshaw and Mark Winteringham
- Creativity Is Not An Innate Talent - Constance Armitage