An oft touted phrase by martial artists is ‘enzan no metsuke’, which translates roughly as ‘looking at the far mountain’ – essentially the gaze you would use to view something very distant. If I am fighting an opponent and I focus too keenly on their sword, or the movements of their body only, then I am likely to miss movement elsewhere, the way they breathe, the way they distribute their weight, or lose the insight I would gain by observing that movement as part of the whole. An opponent who focuses too keenly on one particular area is easily distracted and hence defeated.If instead I observe my opponent’s eyes as though observing a distant mountain, I can use my peripheral vision to observe not only what the eyes themselves reveal, but everything else that is going on. With practise, I gain an wholistic understanding of my opponent’s movements and through that, their intent.
This is, in effect, exploratory testing. I don’t know much about my opponent, so I will observe everything I possibly can in order to expose a weakness, and then having done so, take full advantage. As rapidly as possible, you must determine what the appropriate action is.
Knowing one thousand tests does not make you a good tester, or even a tester at all. Anyone can learn to perform tests robotically. In any given situation, you might happen to run a series of tests, and you may even find bugs, but if you don’t understand why running the tests you did was appropriate, then you are not really testing. Likewise, a kendoka may strike an opponent, he may be victorious, but if he does not understand why his cut was successful, then he has improved neither his kendo nor himself.
When testing a new product, you’re looking not only to ensure that functionality works as described/expected (assuming for the sake of the example that this is what you are doing), but you are also on the lookout for the slightest inclination that something is amiss, or presents an opportunity to be taken advantage of.
You need to be aware that any action you take, and any action that the program makes in response to you can reveal information that you can use, even if you don’t understand why or how at the time. Initially this might simply be to use the product as it was intended, ensuring that the response is within acceptable parameters. Even if this doesn’t reveal errors, doing this should give you a number of ideas about what to try next.
You probably have a range of go-to tests – the usual suspects when testing certain types of things. In Japanese these are called your toku-ii waza (your best techniques). You take all the potentially vulnerable areas you suspect and go to work on them with your toku-ii waza. Because they’re techniques you know, you also know how things react to them, both when they’re working and when they’re not.
Either way, this is more information to go on with. If your toku-ii waza do not bear fruit, you might try instead to disguise your intent. Make one attack appear like another. If I look at my opponent’s head as though I intend to strike there, and then launch an attack, I may induce him to raise his hands in defence, at which point I can strike the wrists or abdomen instead.
The testing equivalent might be something as simple as renaming the extension of one file to another and opening it, or uploading it. It might be using regular expressions or executable script in the url or input form of an online form. If you abstract the concept, there are any number of ways one test can be made to appear as another.
Again, each response to each test you conduct tells you something more about the code under test. You must have enough focus that you are able to observe and take in the information you see, but enough detachment that you can correctly interpret it in a way that allows you to learn more. What I have described above is but one of many possible paths you might choose. The importance is the consciousness of that choice being appropriate to the information that precedes it.