Following the popular Hackathon format, testers from all around the world have
expressed their intention to organize a similar competition, where, in theory
at least, the best engineers would have the opportunity to test new
applications, and discover all kinds of bugs.
There are prizes of course, for best security bug, or best report, or even best
I was looking forward to being involved in this competition since this year it
was being held in Cluj-Napoca as well.
Overall, I had appreciated the intention and the scope of the Testathon Cluj
2015 edition. However, there are a few aspects which made this experience a
little disappointing for me:
- The quantity was very important. Not that this necessarily a bad thing, but I
would have liked to see more bold approaches and not rely solely on manual
testing (even if we were testing on mobile devices).
- People were a little agitated, and I believe they have not fully captured the
essence of this competition. For me, as I saw it, it was more about working
together as a team (testers from different companies and even different
cities) to make the application under test better. What I felt instead was
that each of the participants was eager to prove they’re better than the
rest, and while I agree that a little competition did not hurt anyone, I
would have liked to see more of that passion in testing the app, and not
winning some prize.
- It was unclear how the prizes were decided. More exactly, I believe that a
security bug which crashed the servers and rendered the application unusable
should have received the proper praises. Instead, this defect was almost
ignored (at least when it came to awarding the title for “Best security
bug”). To be honest, I was expecting to win. I've decompiled the apk, run a
python script to search for sensitive data (grep would suffice), found their
API calls, no authentication, authorization nor throttling whatsoever. Used
locust.io and testing session was over for all participants. They gave me a
prize, but after the big winners were annoubced and since I had to attend to
wedding I had to leave earlier. No worries, they gave the prize (an ipod) to
someone else :)
At the end of the day, I was happy that the testing community from Cluj-Napoca
is getting more visibility worldwide. I met some cool people at the event.