Stupid QA Tricks: Colossal Software Testing Oversights
Want quality software? The trick to nipping IT miscues is testing, testing, testing, as these hard-luck lessons in boneheaded quality assurance attest.
The database-on-a-Web-site issue is only a slice of the problems Oklahoma's Department of Corrections faces when it comes to IT. An audit of the department published at the end of 2007 explains that the OMS (Offender Management System) is on the brink of collapse.
"The current software is so out of date that it cannot reside on newer computer equipment and is maintained on an antiquated hardware platform that is becoming increasingly difficult to repair. A recent malfunction of this server took OMS down for over a full day while replacement parts were located. If this hardware ultimately fails, the agency will lose its most vital technology resource in the day-to-day management of the offender population."
Testing tip: When you're building an interface to a database that contains the sensitive data of hundreds or thousands of people, there's no excuse for taking the least-expensive-coder route. Coding security into a Web application takes a programmer with practical experience. In this case, that didn't happen. The money you spend on a secure site architecture at the beginning may save you from major embarrassment later, after some kid breaks your security model in five minutes. Remember, "security through obscurity" provides no security at all.
Busted big-time—by the bank
Testing oversight: Contact fields transposed during financial database migration
Consequence: Financial services firm sends detailed "secret" savings and charge card records made for mistresses to customers' wives.
It's hard to get away with an affair when the bank won't play along. That's what some high-roller clients of an unnamed financial services firm learned when the firm sent statements containing full details of account holders' assets to their home addresses.
Although that might not sound like a recipe for disaster, this particular firm—which requires a $10 million minimum deposit to open an account—is in the business of providing, shall we say, a financial masquerade for those who wish to sock away cash they don't want certain members of their marriage to know about.
Customers who desire this kind of service typically had one (somewhat abridged) statement mailed home, and another, more detailed (read: incriminating) statement mailed to another address.
When the firm instituted a major upgrade to its customer-facing portal, however, a database migration error slipped through the cracks. The customer's home address was used for the full, unabridged account statements. The nature and character of the discussions between account holder and spouse regarding charges for hotel rooms, expensive jewelry, flowers, and dinners are left as an exercise for the imagination.
software development
Receive the latest security news as it breaks.
