15 tools and techniques that full-stack software testers should know

List of some testing techniques and tools that every test engineer should be familiar with, that help you to grow into a full-stack quality engineer

Application testing is a very vast domain involving testing of multiple components and different aspects of the software. With “shift left testing” movement, various aspects of testing are moved to the early stages of development lifecycle. Unlike earlier times where there were experts for each type of testing, QA engineers are expected to be end to end experts or “Full stack test engineers”. Here are some of the type of tools that will help you in the end to end testing of various application components.

The tools suggested are my personal choices and there could be better tools available.

1. Device farm for cross browser / device testing

Web, mobile and desktop applications need to be tested in different browsers, operating systems and devices, in different versions to make sure that there are no bugs in specific device or version. Buying and maintaining the devices is a costly process and you could never keep up with the number of devices being released in the market daily. Device farms help us achieve this. You can choose the device farm provider based on the type of platforms you support - web, mobile, desktop or multiple platforms.

Tools - BrowserStack, LambdaTest, pCloudy, SauceLabs, AWS Device farm.

2. Testing the network traffic of the application

All popular browsers’ dev tools network gives a good view of the network calls made from your application and the timeline view as well. Use this effectively to identify the unwanted calls made or wrong parameters passed to an API. This also helps you to identify the slow apis that is affecting your app’s performance. This is the first step in testing performance in the early stages of the development lifecycle.

Tools - Developer tools of Browsers

3. API Testing

You need not be an API testing expert to identify basic bugs in the APIs. Use basic tools like Postman to test your API with different data to uncover multiple types of issues.

Functional - If the API is returning the right data.

Security - Changing the parameters should not give the data that user doesn’t have access to.

Performance - There could be bugs like API returning thousands of records without pagination.

Tools - Postman

4. Email testing

There are n number of email clients across different platforms (mobile, desktop, web), the mail you send to the users should support all the clients in all screen sizes. Keep an eye on the Dark mode of email client also. There are tools that make testing on multiple email clients easy.

Tools - Email on Acid, Litmus, MailTrap.

5. Temporary email addresses

If you need multiple emails to test in your application, there are tools that give you temporary emails for testing. This comes in handy especially when your application doesn’t support + in email addresses.

Tools - Emailfake.com, fakemailgenerator.com, generator.email.

6. Screen capture / recording

Key part of bug tracking is knowing the exact ways to reproduce a bug. Adding a screenshot or screen recording is an easy way to explain a bug. Using a cloud based tools gives an easy way to share the recoding as a link easily.

Tools - CloudApp, Loom.

There are few unique tools like Tango.us that creates a step-by-step guide.

7. Session manager extensions for browsers

Session managers help you use your website in multiple tabs/windows each with a different login simultaneously. This will remove your huge effort of having to log-out and log-in to switching over to multiple users while testing. Some of the popular extensions are

Chrome extensions - Tab Session Manager, Session Box, Session Buddy

Firefox extensions - Firefox Multi-Account Containers, Session Box

8. Font checker

Sometimes it is hard to tell two fonts apart. There are browser extensions to easily show the fonts used in your website. You can identify the bugs in fonts or styles used. Some of the popular extensions are

Chrome extensions - Fonts Ninja, Font finder, WhatFont

Firefox extensions - Fonts Ninja, Font Finder

9. Cookie managers

Play around with your site cookies to see how your site behaves when a cookie is altered or removed. Browser dev tools have these capabilities, but there are extensions that are easier to use. Many sites store some user preferences in cookies, editing/removing them can open up new types of bugs. Popular extensions

Chrome extensions - CookieManager - Cookie Editor, EditThisCookie

Firefox extensions - CookieEditor, EditThisCookie2

10. Device resource monitoring

Your web page, mobile or desktop applications can consume a lot of the device resources that you know. The important things to monitor are CPU, Memory, Battery. If your mobile or desktop application is running as a background service, it is more important to test the resource consumption.

For websites, Chrome DevTools has the performance tab that allows us to record the memory usage of the website. Safari - the macOs Activity Monitor allows you to monitor the tabs opened in Safari. Firefox -

For Mobile device, there are multiple apps in the stores for monitoring CPU, Memory, Battery of the device and the consumption by each app.

11. Security testing

Security testing has a vast scope. There are different types of security testing or assessments. As an application tester, you can do basic security validations.

• Check if your application is resistant to denial of service attacks. Run scripts to hit your application urls or apis continuously from a machine outside your trusted network and validate if you are being rate limited.
• Common attacks on your systems are done due to unwanted ports that are open. Run a scan on your endpoints to discover the ports that are vulnerable. Tools like Burp include an engine that can crawl your web apps and find a wide range of vulnerabilities.
• Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites and making the application vulnerable to session hijacking, data breach or even modify the site content. You can try adding scripts in all the input fields and validate how it is handled. Or use tools that can scan the fields vulnerable to XSS attack.

Tools — OWASP ZAP

12. Accessibility testing

Accessibility testing usually is done as a separate cycle, but most of the accessibility issues can be captured early in the lifecycle with the help of some tools. Minor issues like un-accessible actions, contrasts, aria can be identified early in the cycle.

Test your application with voice over and zoom options provided by the OS.

Chrome and Firefox extensions - Axe devTools, Wave, SiteImprove, Accessibility Insights for Web.

13. Data Simulation (Location, Call, SMS)

Applications involving services like Location, Calls, SMS or even some third party API calls, are sometimes hard to test. Use tools to simulate those services. Tools like VPN, fake GPS, fake call, fake SMS, API mocking tools help you simulate real world scenarios with ease.

14. API failures simulation

Applications consume a lot of third party APIs to achieve few things. We often fail to test how our application behaves when one or more of these APIs fail. There are multiple reasons for the failure, user’s AD blockers can block it, the firewall of user’s network can block many urls. To identify those,

Use different Ad blockers with different settings to identify all the APIs blocked and how the app handles it

To block individual APIs and test the application behaviour browser DevTools have those abilities or use a mocking tool to simulate different failures.

Simulating a slow network or simulating various API response codes should be done for your application APIs as well.

15. Auto Form filler

Auto form fill extensions allow you to quickly enter details. This would be handy when testing length forms. You can either use extensions that fill in random values or save the predefined values and use it every time. These extensions not only reduce your time, but also capture the bugs when a field accepts an input that it is not supposed to.