If something seems problematic or acts oddly, interact with it directly and indirectly to evaluate it more closely, in different situations.
The interaction can be editing it, searching for it, redoing steps…
Keep poking until something comes out, or you’re satisfied it won’t.
At an exploratory testing training course I was giving, I was observing a pair who had just found a potential issue: the value in a field had disappeared from the UI.
On seeing this, they did the following steps:
- First, they entered a different value and saved. The value did not disappear.
- Then they performed a search for the item using the new value and found the correct item.
- They edited the new value from a different screen.
- They didn’t find any indication that there were continuing problems with this field (apart from the original one that led them down this route).
I asked them why they’d done those things. After getting through the initial ‘I don’t knows’ and ‘just because’, we arrived at: “because we thought there might be a problem with this thing and we wanted to look at it more closely, and in different situations”.
Now, that pair didn’t find any more problems with that area. But the pair next to them were working on an entirely different application. They’d found a problem with a password field, and operated on a similar principle of exercising that field and the password logic more.
Their steps were:
- Resetting the password
- Logging in and logging out
This pair found a rather interesting security hole in the password management.
As catchy as “we thought there might be a problem with this thing and we wanted to look at it more closely, and in different situations” is, I started calling this activity “poke it till it pops” (or “pieks es bis es platzt” in German). For me, it’s the pimple heuristic: if something causes a lump, poke it. And keep poking it until something comes out, or until you’re satisfied it won’t.
So there we have it. Poke it till it pops, the pimple heuristic.
| | |
|---|---|
| I observe | A field with interesting behaviour |
| I think | There may be more interesting behaviour here |
| My next step | Interact with the field by editing it, searching for data you’ve entered into it, viewing the same field in a different client… |