<< 32 pounds to stupidity | Home | QTP: Why VBScript a bad choice >>

Why developers make good testers...sometimes.

Recently, my cubie was testing one of our web apps. She got the following:



She wrote up the error and submitted it. It was for a currency amount, and she had put a zero in it. The defect was returned as "works as designed" as the field should never get a zero in it, meaning that the developer decided that a user would never put a zero. He stated it should be closed. She asked me about it.

I explained that:
1) A user should almost never see an ugly error like this. It is poor programming that would produce this.
2) Just how does a zero produce an overflow anyway? That makes very little sense to me, but then again, I don't have access to the code. Could be a calculation problem, I guess, but I'd expect a divide by zero before an overflow.

I guess he thought he could BS away the error rather than fix it. Pathetic.
Print | posted on Thursday, May 08, 2008 11:12 AM

Feedback

# re: Why developers make good testers...sometimes.

left by Marcus at 5/8/2008 3:08 PM Gravatar
Hey, you should really try some SQL Injection and XSS attacks on that integer field--if the exception is unhandled and the result displayed back to the screen, I'll bet it will render Javascript.

Give it a shot. Try putting an img tag that points to a picture of Ringo Starr in there or something. If he doesn't take that seriously, go to www.darkreading.com and just oggle at the kinds of exploits this could open them up to.

Any unhandled exception that makes its way back to the end user is a prime target for the most amateurish hacker.

# re: Why developers make good testers...sometimes.

left by MES at 5/9/2008 1:58 PM Gravatar
ARE YOU KIDDING? Works as Designed? I don't think so. Unconstrained field errors that present nasty .net exceptions are NEVER as designed.

Go kick that dev's chair for me. ARGH...Makes every QA bloodcell in my body vibrate with rage!
Comments have been closed on this topic.
Copyright © Theo Moore