Exploratory and Security Testing For a Virtual Space Solution
Industry
Country
Type of Service
Cooperation Type
Project Type
Test Coverage
Overview
The client is a laboratory for creative innovations based on new technologies, data, and cutting-edge software experiments. The company prototypes and implements valuable digital experiences, shaping sustainable change and facing the challenges of the future related to technologies such as virtual spaces, AI, and ML.
Their project is the most advanced solution to rethink the way of connecting humans in virtual space. It is a photorealistic 3D environment aimed to create more immersive and meaningful digital experiences. This interactive stream technology was launched as a result of rethinking social environments and digital experiences.
* We recognize the importance of protecting our clients’ privacy and follow the policies to maintain their confidentiality and security. That is why the company name will not be disclosed.
Challenge
The client developed a 3D environment for the eco-expo for one of the leading automotive manufacturers, and they needed to test it before the event. Thus, the QA team had a strict, non-negotiable deadline.
The task wasn’t typical, but it certainly was fascinating and challenging. Working with the project reminded us of a mix of game testing (graphics and textures, navigation, interaction) and web testing (functionality and interface).
One of the tasks was to test the application for remote hacking. The team was to run a Web Application Security Test to see if there was a possibility of accessing sensitive information (both the client’s and users’) or shutting down the application due to remote attacks.
Solution
We agreed to run testing on the estimate, involving as many specialists as possible to finish the QA activities within the tight deadlines. As the project documentation wasn’t finalized, it was decided to run exploratory tests and report everything the QA team considered wrong.
The QA team had several calls with the client to learn more about the project and its tech details. We received and studied the documents describing the flow of the virtual world and the design files.
The project was divided into four parts for convenience:
- game-level functionality;
- web-level functionality;
- user interface;
- security.
Each part got a separate document for bug reporting sent for the client’s approval.
As for the security part, to meet the client’s budget expectations, we covered the basic minimum. It included testing for technical vulnerabilities (OWASP Top10, which are the ten most common web application security risks) and testing for business logic errors (or API security). Most tests were executed manually.
Results
The QA engineers detected and reported around 200 bugs. The team also noted and described the inconsistencies and problems in software logic. We recommend paying more attention to documentation for future projects, as it would make testing more accurate and, therefore, more effective.
As for the app security, testing revealed a critical vulnerability in the general chat that allowed disruption of the work of the application and a business logic vulnerability. We shared detailed recommendations to address the shortcomings, and the client did it immediately. As a result, the application has become safer.
Despite the challenges set by short deadlines and incomplete documentation, our team delivered the result our partners expected.
Let’s Start a New Project Together
QA Madness helps tech companies strengthen their in-house teams by staffing dedicated manual and automated testing experts.
Relevant Case Studies
Ready to speed up the testing process?