In the last few years there has been an increasing debate about software testers being able to program. Given the popularity of different approaches to testing such as test automation, agile and technical testing, it seems to make sense that testers should have programming skills. However, this is part of the confusion about what exactly constitutes ‘testing’.
Hacking is testing
Another recent trend is the increasing incidents of hacking which are publicly visible. Most people can’t help know what is hacking, at least in general terms. Hackers try to find vulnerabilities in software or websites to inflict damage. The damage can range from defacing a popular website, to making websites unavailable, to exposing a politician’s sensitive email communication.
Leaving aside the harmful objectives of hacking, you could think of testing as finding vulnerabilities in the software which might adversely affect users (and then getting them fixed). In the case of testing, ‘harm’ could include situations which may not create any (explicit) damage. It might mean that users are confused with the software or even users making mistakes which can’t be undone.
If hacking is a form of testing, what programming language do hackers use? On Quora.com (requires registration) , Adrian Lamo, a well known hacker, is very popular and answers many questions on hacking. In response to a question (requires registration), Adrian responded that he doesn’t use a programming language. He also adds,
‘While I never learned to code, I learned to read code, and I learned how programmers thought, which assumptions they tended to make, and what mistakes their common training tended to cause them to make in common across completely different systems.’ (Please read the original question for more details).
For many testers ‘reading’ production code may not be easy. As advised in Lessons Learned in Software Testing, testers should learn a high level programming language like Java or C# . They should also learn a scripting language like Python . There are many online resources to learn programming.
A more powerful idea is to get a programmer do a walk through of his code. This is often mentioned  by James Bach, a thought leader in software testing, when describing how to work with developers. It’s more important to understand what the code does and be able to ask questions, than understanding programming language syntax. The dialog with a developer is also more beneficial than looking at code on your own.
It’s also more important to understand computer science concepts than programming language syntax. For example, it’s more useful to know what are race conditions or cache, than to know about singleton classes or programming patterns.
Test automation has become part of the job description for testers. While automation is critical to well engineered software which is released in frequent increments, it doesn’t contribute to questioning if we are meeting user’s needs or finding information related to risk. If you separate those objectives, programming skills may be even less important. In the case of hackers, test automation, as commonly practiced in software development, is not part of their toolkit.
As a tester there is no harm in learning a programming language, it can only help. However, there is a big difference in understanding code and asking questions versus writing production test automation code or finding defects in production code on your own. That requires a significant investment of time and mind share which can compromise improving skills in finding risks and vulnerabilities. For Adrian Lamo, programming proficiency is not a priority in finding the most severe vulnerabilities in software.
- Quora.com requires a login
- Lesson 267: Learn Java or C++, Lessons Learned in Software Testing
- Lesson 266: Learn PERL, Lessons Learned in Software Testing
- Youtube video, ‘James Bach on testing in an agile software development team.’, https://youtu.be/vqwyMaHcjQE, Chalktalk mentioned at 7.46 https://youtu.be/vqwyMaHcjQE?t=461