September 25, 2009

Some Testing and QA Blogs You Should Read

Blogs are a great way to quickly read what others in the Testing and QA field have to say about our profession.

Here are some good ones.  I read them often.  Perhaps you should check them out:

Matt Heusser's Blog - Testing at the Edge of Chaos
Matt is a software craftsman with an interest in testing, project management, development, how people learn and systems improvement
Matt Heusser

I.M. Testy
Treatises on the practice of software testing
Bj Rollison

Tooth of the Weasel
Notes and rants from Alan Page.
Alan Page

Test Obsessed
Elisabeth Hendrickson’s Thoughts on Testing, Agile, and Agile Testing
Elisabeth Hendrickson

Google Testing Blog
If it ain't broke, you're not trying hard enough

DevelopSense Blog
Observations on software testing and quality, by Michael Bolton
Michael Bolton

James Bach’s Blog
The Consulting Software Tester
James Bach

Practical QA
Common Sense Quality for the Rest of Us
Linda Wilkinson

I specialize in tactical QA - preventing, finding and fixing software problems no matter what the circumstances. No excuses, no problem.
Catherine Powell

Steve Rowe's Blog
Ruminations on Computing - Programming, Test Development, Management and More
Steve Rowe

Exploration Through Example
Example-driven development, Agile software development, testing, Ruby, and other things of interest to Brian Marick
Brian Marick

Collaborative Software Testing
Jonathan Kohl's blog on software investigation
Jonathan Kohl

Test This Blog - Eric Jacobson's Software Testing Blog
Refinements on the art of software testing
Eric Jacobson

Expected Results
Testing, managing, consulting, quality and the art of motorcyle maintenance
Phil Kirkham

PractiTest QA Blog
Testing Tools & Methodologies for the Practical QA Tester
Joel Montvelisky

Adam Goucher
Quality through Innovation
Adam Goucher

Steve Souders - High Performance Web Sites
Steve works at Google on web performance and open source initiatives...
Steve Souders

QA Hates You
You suspected it.  Now you know it.
The Director

(last updated December 30, 2009)

September 22, 2009

Testing Virus Recognition - The EICAR Anti-Virus Test File

We are currently building a product that allows users to upload a file that we will then place on a publicly-available website.  One of the requirements is that we check the uploaded file for viruses first.  This presented an interesting testing opportunity.

Our enterprise anti-virus software can scan the uploaded files, and delete them if a virus is detected before they are moved to the externally-accessible location.  But how to test this?  We couldn't use a real virus - that's far too dangerous.

Fortunately, there's a nice solution.  Eicar, the European Institute for Computer Antivirus Research, in conjunction with most major anti-virus vendors, has created a file that is not a virus itself, but will cause most anti-virus software to react as if it were a virus.

If you copy the following 68-character string into notepad, and save it to a text file, your anti-virus software will treat that file as if it contained a virus: copyrightjoestrazzere
(Or download one of the files from

For my tests, I simply had to take this file to a machine that had its own anti-virus software temporarily turned off, then submit it to the new product.
  • Test completed. 
  • The product reacted as expected.
  • The appropriate message was written to the event log.
  • The appropriate warning message was displayed to the user.
  • The "pseudo-infected" file was deleted and not made public.
  • Test Passed!
It's fun to learn a new technique.

See also: