TesterHQ - The Evil Tester Blog Aggregator

May 4, 2018 - 7 minute read - Evil Tester Testing

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuates both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately both of these environments create a management system that limits the defects that can be raised.


  • when taking part in a BugBounty - functional defects are out of scope.
  • When taking part in a crowdsource testing project - so many defect categories are out of scope

If I was a company outsourcing to these programs, I would view that as a risk.

Apr 26, 2018 - 4 minute read - REST API Java For Testers

Overview of Spark and HTTP Testing with JUnit

TLDR: Spark is static so having it run in an @BeforeClass allows HTTP request testing to begin.

I use Spark as the embedded web server in my applications. I also run simple HTTP tests against this as part of my local maven build. And I start Spark within the JUnit tests themselves. In this post I’ll show how.

Apr 26, 2018 - 2 minute read - Evil Tester Testing

A Compendium of Testing Apps

TLDR; A Compendium of Testing Apps rebadged, re-packaged, new repository, more apps, including REST API testing.

I bundled up a bunch of web pages into a testing app.

I have now restructured the code for that application and added in a REST API Test application as well.

I’ve also moved the code to a new repo to make it easier to download.

You can find the “Evil Tester’s Compendium of Testing Apps” at

And download from the releases page

Apr 25, 2018 - 6 minute read - REST API Java For Testers

When would I choose basic HTTP libraries rather than using RestAssured?

TLDR: when I have a small set of HTTP use-cases, and I’m working on fast in-build HTTP integration verification then I’ll probably use HttpURLConnection

I do receive a question fairly often like:

  • “Why would you ever use basic HTTP libraries rather than Rest-Assured?”
  • “When would you choose to use basic HTTP libraries instead of Rest-Assured?”

And other variants.

I’ll try to answer that in this post.

Apr 24, 2018 - 6 minute read - REST API Java For Testers

Migrating from JAXB XML processing to XStream

TLDR: refactored to isolate XML processing, configured XStream in code, removed all annotations, added XML header, wrote less code

I have a small REST API application which uses Spark and GSON and JAXB. I haven’t released this to Github yet but I did release some of the example externally executed []integration verification code](https://github.com/eviltester/rest-listicator-automating-examples) for it.

When trying to package this for Java 1.9 I encountered the, now standard, missing JAXB, libraries. So I thought I’d investigate another XML library.