September 25, 2009

Some Testing and QA Blogs You Should Read



Blogs are a great way to quickly read what others in the Testing and QA field have to say about our profession.

Here are some good ones.  I read them often.  Perhaps you should check them out:


Matt Heusser's Blog - Testing at the Edge of Chaos
Matt is a software craftsman with an interest in testing, project management, development, how people learn and systems improvement
Matt Heusser
http://blogs.stpcollaborative.com/matt/


I.M. Testy
Treatises on the practice of software testing
Bj Rollison
http://www.testingmentor.com/imtesty/

Tooth of the Weasel
Notes and rants from Alan Page.
Alan Page

Test Obsessed
Elisabeth Hendrickson’s Thoughts on Testing, Agile, and Agile Testing
Elisabeth Hendrickson
http://testobsessed.com/

Google Testing Blog
If it ain't broke, you're not trying hard enough
http://googletesting.blogspot.com/

DevelopSense Blog
Observations on software testing and quality, by Michael Bolton
Michael Bolton
http://www.developsense.com/blog.html

James Bach’s Blog
The Consulting Software Tester
James Bach
http://www.satisfice.com/blog/


Practical QA
Common Sense Quality for the Rest of Us
Linda Wilkinson
http://www.practicalqa.com/


Abakas
I specialize in tactical QA - preventing, finding and fixing software problems no matter what the circumstances. No excuses, no problem.
Catherine Powell
http://blog.abakas.com/


Steve Rowe's Blog
Ruminations on Computing - Programming, Test Development, Management and More
Steve Rowe
http://blogs.msdn.com/steverowe/default.aspx


Exploration Through Example
Example-driven development, Agile software development, testing, Ruby, and other things of interest to Brian Marick
Brian Marick
http://www.exampler.com/blog/


Collaborative Software Testing
Jonathan Kohl's blog on software investigation
Jonathan Kohl
http://www.kohl.ca/blog/


Test This Blog - Eric Jacobson's Software Testing Blog
Refinements on the art of software testing
Eric Jacobson
http://www.testthisblog.com/


Expected Results
Testing, managing, consulting, quality and the art of motorcyle maintenance
Phil Kirkham
http://expectedresults.blogspot.com/


PractiTest QA Blog
Testing Tools & Methodologies for the Practical QA Tester
Joel Montvelisky
http://qablog.practitest.com/

Adam Goucher
Quality through Innovation
Adam Goucher
http://adam.goucher.ca/

Steve Souders - High Performance Web Sites
Steve works at Google on web performance and open source initiatives...
Steve Souders
http://stevesouders.com/

QA Hates You
You suspected it.  Now you know it.
The Director
http://www.qahatesyou.com/wordpress/

(last updated December 30, 2009)
Labels:

September 22, 2009

Testing Virus Recognition - The EICAR Anti-Virus Test File



We are currently building a product that allows users to upload a file that we will then place on a publicly-available website.  One of the requirements is that we check the uploaded file for viruses first.  This presented an interesting testing opportunity.

Our enterprise anti-virus software can scan the uploaded files, and delete them if a virus is detected before they are moved to the externally-accessible location.  But how to test this?  We couldn't use a real virus - that's far too dangerous.

Fortunately, there's a nice solution.  Eicar, the European Institute for Computer Antivirus Research, in conjunction with most major anti-virus vendors, has created a file that is not a virus itself, but will cause most anti-virus software to react as if it were a virus.

If you copy the following 68-character string into notepad, and save it to a text file, your anti-virus software will treat that file as if it contained a virus: copyrightjoestrazzere
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
(Or download one of the files from http://www.eicar.org/anti_virus_test_file.htm)

For my tests, I simply had to take this file to a machine that had its own anti-virus software temporarily turned off, then submit it to the new product.
  • Test completed. 
  • The product reacted as expected.
  • The appropriate message was written to the event log.
  • The appropriate warning message was displayed to the user.
  • The "pseudo-infected" file was deleted and not made public.
  • Test Passed!
It's fun to learn a new technique.

See also:
http://en.wikipedia.org/wiki/EICAR_test_file
http://antivirus.about.com/od/whatisavirus/a/eicar.htm
http://www.anti-malware.info/weblog/2006/09/eicar-anti-virus-test-file-changed.html
Labels:
Subscribe to: Posts (Atom)