Solve stubborn bugs faster by breaking things on purpose, questioning your assumptions, and thinking your way to clarity.

A command-line search tool that finds patterns in text — short for Global Regular Expression Print. In simple terms: it hunts through files and tells you where the thing you’re looking for is hiding.

A debugging technique where you explain your code (and your confusion) out loud — often to an object, like a rubber duck. The magic: saying the problem forces your brain to slow down and reprocess the logic, and half the time you’ll spot the issue before the duck even blinks. How it works:  Pick your “listener” — a duck, a plant, a coffee mug, or a colleague who can tolerate monologues. I have a lot of friends on my table to listen to me, my fav - sleeping Pikachu.  Walk through your code line by line, explaining what it’s supposed to do.  Wait for the moment you realize what it’s actually doing.  Why it works: Turning thought into speech forces clarity. You can’t gloss over details when you have to articulate them — even to plastic.

A distributed version control system that helps you track changes, collaborate without overwriting each other’s work, and recover from “oops” moments and make them "aha" moments. Think of it as a timeline of every decision your codebase has ever made - the good, the bad, and the experimental.Common commands:  git clone <repo-url> – Makes a local copy of a remote repository. Basically, downloads the project (and all its history) onto your machine.  git status – Tells you what’s changed since your last commit. Great for confirming if you’re in control or if chaos has already begun.  git add . – Stages all modified files for commit. You’re telling Git, “These changes matter — track them.”  git commit -m "message" – Saves a snapshot of your changes. The message is your future debugging diary — write something meaningful.  git push – Sends your commits to a remote repository (like GitHub). The part where you finally share your brilliance — or your broken code.  git pull – Fetches and merges the latest changes from the remote. Always do this before pushing, unless you enjoy merge conflicts.  git log – Shows commit history. Great for tracing when that one bug was born.  What's the git command that you learnt the hard way?

Doing this certification was cool, haha!! I'm Software Testing Essentials Certified (STEC) !! Thanks guys, for creating an opportunity to contribute to this certificate. Got to know a lot of "ho...

Strengthen your functional testing with technical tools that uncover hidden issues and speed up debugging

Eighteen months, 19 modules, and 59 amazing contributors later, the MoT Software Testing Essentials Certification is complete! Looking back, my favourite part has been seeing so many community m...

During filming for Module 18 of the MoT Software Testing Essentials Certificate, Marie Cruz put a demo e-commerce site through its paces with a k6 Studio load test and managed to reveal a hidden we...

Analogies: You bought a balcony ticket, but the stairs to the backstage were just… open. No one stopped you. No one checked. You walked in, sat at the controls, and nobody noticed. Or...You bought a regular ticket. But no one’s watching, so you just walk past the velvet rope into VIP, then backstage, then the cash counter. No one stops you. No one even asks, “Hey, should you be here?” What’s happening: It’s not about who you are, it’s about what you’re allowed to do. Broken access control means those checks are either missing, misconfigured, or just trusting too much. Test Like This: Change IDs in URLs. Hit admin routes with a normal account. Submit actions you shouldn’t have access to. If the system doesn’t push back, that’s your red flag. Simple rule: Getting in is one thing (authentication). But being let loose to do anything once you’re in? That’s the real problem.

Analogy: You bought a fancy smart lock… and left the default password as admin123. It’s like building a bank vault and taping the key to the front door. What’s happening: This is when your app or system is set up in an insecure way — usually by accident. Default settings, unnecessary services, verbose error messages—config is messy, and attackers love that. It’s not a flaw in the app; it’s a flaw in how the app was set up. Test Like This: Check for open ports, directory listings, or debug messages. Pro tip: Now every application uses frameworks. Go to the default sensitive pages of that framework. Most developers miss that.

Analogy: It’s like asking a guest to write their name on a building entry form, and they write, “Also give me the keys to your house,” and your building's security guard just… does it.What’s happening: You trusted user input to become part of a command or query without double-checking what they wrote. They didn’t just fill the form—they rewired the backend through it.Test Like This: Inputs aren’t harmless. Test it using inputs from the link below.It's my swiss knife for giving an input box a "green" flag.

Analogy: Imagine a bouncer who checks your ID once and then lets you come and go forever, even if you hand that ID to your drunk friend.What’s happening: Tokens don’t expire, passwords are weak, and sessions stay open. It’s like giving out permanent backstage passes to anyone who tries hard enough.Test Like This: Steal your own cookies. Reuse a password reset link. Log in on one tab, change the password on another, and see if the first still works. And then log out in the third tab.It blows off most of the time.