15 tools and techniques that full-stack software testers should know

List of some testing techniques and tools that every test engineer should be familiar with, that help you to grow into a full-stack quality engineer

1. Device farm for cross browser / device testing

Web, mobile and desktop applications need to be tested in different browsers, operating systems and devices, in different versions to make sure that there are no bugs in specific device or version. Buying and maintaining the devices is a costly process and you could never keep up with the number of devices being released in the market daily. Device farms help us achieve this. You can choose the device farm provider based on the type of platforms you support - web, mobile, desktop or multiple platforms.

2. Testing the network traffic of the application

All popular browsers’ dev tools network gives a good view of the network calls made from your application and the timeline view as well. Use this effectively to identify the unwanted calls made or wrong parameters passed to an API. This also helps you to identify the slow apis that is affecting your app’s performance. This is the first step in testing performance in the early stages of the development lifecycle.

3. API Testing

You need not be an API testing expert to identify basic bugs in the APIs. Use basic tools like Postman to test your API with different data to uncover multiple types of issues.

4. Email testing

There are n number of email clients across different platforms (mobile, desktop, web), the mail you send to the users should support all the clients in all screen sizes. Keep an eye on the Dark mode of email client also. There are tools that make testing on multiple email clients easy.

5. Temporary email addresses

If you need multiple emails to test in your application, there are tools that give you temporary emails for testing. This comes in handy especially when your application doesn’t support + in email addresses.

6. Screen capture / recording

Key part of bug tracking is knowing the exact ways to reproduce a bug. Adding a screenshot or screen recording is an easy way to explain a bug. Using a cloud based tools gives an easy way to share the recoding as a link easily.

7. Session manager extensions for browsers

Session managers help you use your website in multiple tabs/windows each with a different login simultaneously. This will remove your huge effort of having to log-out and log-in to switching over to multiple users while testing. Some of the popular extensions are

8. Font checker

Sometimes it is hard to tell two fonts apart. There are browser extensions to easily show the fonts used in your website. You can identify the bugs in fonts or styles used. Some of the popular extensions are

9. Cookie managers

Play around with your site cookies to see how your site behaves when a cookie is altered or removed. Browser dev tools have these capabilities, but there are extensions that are easier to use. Many sites store some user preferences in cookies, editing/removing them can open up new types of bugs. Popular extensions

10. Device resource monitoring

Your web page, mobile or desktop applications can consume a lot of the device resources that you know. The important things to monitor are CPU, Memory, Battery. If your mobile or desktop application is running as a background service, it is more important to test the resource consumption.

11. Security testing

Security testing has a vast scope. There are different types of security testing or assessments. As an application tester, you can do basic security validations.

  • Check if your application is resistant to denial of service attacks. Run scripts to hit your application urls or apis continuously from a machine outside your trusted network and validate if you are being rate limited.
  • Common attacks on your systems are done due to unwanted ports that are open. Run a scan on your endpoints to discover the ports that are vulnerable. Tools like Burp include an engine that can crawl your web apps and find a wide range of vulnerabilities.
  • Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites and making the application vulnerable to session hijacking, data breach or even modify the site content. You can try adding scripts in all the input fields and validate how it is handled. Or use tools that can scan the fields vulnerable to XSS attack.

12. Accessibility testing

Accessibility testing usually is done as a separate cycle, but most of the accessibility issues can be captured early in the lifecycle with the help of some tools. Minor issues like un-accessible actions, contrasts, aria can be identified early in the cycle.

13. Data Simulation (Location, Call, SMS)

Applications involving services like Location, Calls, SMS or even some third party API calls, are sometimes hard to test. Use tools to simulate those services. Tools like VPN, fake GPS, fake call, fake SMS, API mocking tools help you simulate real world scenarios with ease.

14. API failures simulation

Applications consume a lot of third party APIs to achieve few things. We often fail to test how our application behaves when one or more of these APIs fail. There are multiple reasons for the failure, user’s AD blockers can block it, the firewall of user’s network can block many urls. To identify those,

15. Auto Form filler

Auto form fill extensions allow you to quickly enter details. This would be handy when testing length forms. You can either use extensions that fill in random values or save the predefined values and use it every time. These extensions not only reduce your time, but also capture the bugs when a field accepts an input that it is not supposed to.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store