May 04, 2006
The Incredible Importance Of Testing
Recently I had a pile of stuff to donate to charity. Their phone center wasn't open when I called to set up a pickup, but their phone message said I could set one up online. Sweet!
Working through the multi-step process I reached a page asking what I was donating. This page had a drop-down list of common items with a corresponding Add button, a text box for free-form entries and its corresponding Add button, and a multi-line text box labeled "Donations". I entered all my entries in the Donations box and then clicked Next.
Only to be confronted with a message that "You cannot modify this field directly". Dismissing which cleared all my entries.
Aargh!
So I tried selecting "Yard sale cleanout" from the common items drop-down. The result: "We are not able to accept the following items in your area: Yard sale cleanout".
So why did you give me the option?
Given that it was the only option left, I entered my items one by one in the free-form text box. This finally worked. (Although I found that entering things it doesn't recognize results in a generic message listing six different items they won't accept in my area, none of which have anything to do with the item I entered. But if you preface that same item with a number it's accepted just fine.)
After selecting a pickup date I entered my phone number and last name. That took me to a page that linked to my donation history! (Which, I later discovered, is also available directly from a link on the site's home page.)
Given all the problems I'd found I was somewhat surprised to see that they actually used a single database for both online and phone-based pickups. But that only makes this security hole that much worse. Given just a name and a phone number - easy to get from the White Pages - I can access the donation history, address, and full contact information for anybody I want.
Oops.
This is a perfect example of why testing is important. I imagine that this site was created by a volunteer developer, and I assume (hope) that that developer did do some testing. But I find that developers want to make sure their code works the way they want it to, while testers want to see how many different ways they can make that code misbehave. And crash. And melt down.
Good developers value their testers because of this. Do you?
Know a good story? Email me and I'll highlight it here!
Posted by The Braidy Tester at 07:30 AM