Questions from UK testing team . .
hi, yep we talked about this a while ago and I forgot to respond
And we’ve been wondering how many different device/platform combinations we need to test. But you may have done a good range of this in your testing to date.
as many as you can. We do what we can but a lot of testing is me and then we get device / platform feedback from users! The more you can do the better
We are also interested to know what security testing has been done already (for example on checking data visibility for ordinary and privileged user accounts, and on against HTML and SQL injection attacks).
again, we do what we can but we’re extremely under-resourced in this area, so the more you can do the better. We keep rails / spree security patches pretty up-to-date so that should be the bulk of protection against injection attacks.
Data visibility for ordinary and privileged user accounts is a high priority for you to look out for things. We keep a pretty close eye on this and it should be ok, but as we’re doing lots of work on permissions etc things are changing and the more eyes the better! That said, a lot of the way we’re working and building starts from “ok we’re dealing with this user, what are they doing / need to do and what should they see” so it’s pretty embedded in the way things are built and very top of mind. The place I’d like you to keep biggest look out for it is in the reports
To save us unnecessary work, could you let us have a copy of your relevant test scenarios?
I’m afraid they’re mostly in my head, so your work to write them up will be very useful. I did try to write out detailed cases a while ago but no one else ever used them so was more work for me to try to write and maintain than just to test as much as i can.
NB. This should also become clearer as the new information system gets settled and into play - because we should be aiming for clear specs on features here before they’re built, so that by the time it comes to testing there is already a very clear description of what should be happening!