TesterHQ - The Evil Tester Blog Aggregator

May 15, 2018 - 8 minute read - Evil Tester Testing

On Hacking and Being Hacked

TLDR; If you self-host a WordPress site, make sure you can restore from backups and check your site using wpscan and other tools regularly.

Is it irony or synchronicity when you learn hacking in more detail and end up being hacked?

Lessons learned from a WordPress hacking challenge and having your WordPress site hacked.

May 9, 2018 - 5 minute read - Evil Tester Testing

Protect The Square and Buggy Games

TLDR; Some games are not meant to be played, they are meant to be played with.

I recently released “Protect The Square”, which according to my version control system I wrote on 2nd May 2016. I had forgotten about it.

I found it again a few days ago and decided to release it as the technical exploration exercise it was intended for.

May 8, 2018 - 6 minute read - Evil Tester Testing

CounterString Algorithms

TLDR; Reverse counterstrings are easier to generate. Creating the same output forward is harder but might be useful for streaming or files.

I assume everyone has heard of and used CounterStrings. I came across them because James Bach wrote about them and created the perlclip tool to generate them.

*3*5*7*9*12*15*

Over the years I’ve written a few utilities for generating CounterStrings for a variety of platforms. I had to implement them in Excel once because we weren’t allowed to install any test tools. Fortunately, with Excel we had VBA and could write anything we wanted.

I’ll describe the steps I’ve taken to create a Predictive Forward CounterString Algorithm.

May 4, 2018 - 7 minute read - Evil Tester Testing

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuate both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately both of these environments create a management system that limits the defects that can be raised.

i.e.

  • when taking part in a BugBounty - functional defects are out of scope.
  • when taking part in a crowdsource testing project - so many defect categories are out of scope

If I was a company outsourcing to these programs, I would view that as a risk.

Apr 26, 2018 - 4 minute read - REST API Java For Testers

Overview of Spark and HTTP Testing with JUnit

TLDR: Spark is static so having it run in an @BeforeClass allows HTTP request testing to begin.

I use Spark as the embedded web server in my applications. I also run simple HTTP tests against this as part of my local maven build. And I start Spark within the JUnit tests themselves. In this post I’ll show how.

Apr 26, 2018 - 2 minute read - Evil Tester Testing

A Compendium of Testing Apps

TLDR; A Compendium of Testing Apps rebadged, re-packaged, new repository, more apps, including REST API testing.

I bundled up a bunch of web pages into a testing app.

I have now restructured the code for that application and added in a REST API Test application as well.

I’ve also moved the code to a new repo to make it easier to download.

You can find the “Evil Tester’s Compendium of Testing Apps” at

And download from the releases page

Apr 25, 2018 - 6 minute read - REST API Java For Testers

When would I choose basic HTTP libraries rather than using RestAssured?

TLDR: when I have a small set of HTTP use-cases, and I’m working on fast in-build HTTP integration verification then I’ll probably use HttpURLConnection

I do receive a question fairly often like:

  • “Why would you ever use basic HTTP libraries rather than Rest-Assured?”
  • “When would you choose to use basic HTTP libraries instead of Rest-Assured?”

And other variants.

I’ll try to answer that in this post.

Apr 24, 2018 - 6 minute read - REST API Java For Testers

Migrating from JAXB XML processing to XStream

TLDR: refactored to isolate XML processing, configured XStream in code, removed all annotations, added XML header, wrote less code

I have a small REST API application which uses Spark and GSON and JAXB. I haven’t released this to GitHub yet but I did release some of the example externally executed [integration verification code](https://github.com/eviltester/rest-listicator-automating-examples) for it.

When trying to package this for Java 1.9 I encountered the, now standard, missing JAXB libraries. So I thought I’d investigate another XML library.