To hire beta testers or test it myself?

[mattkenefick]

I recently just finished a big project for my company and our client is in a hurry to rush it to release. I'm pretty sure that I've covered most of my bases in terms of entry points, injection vulnerability, HTTPS, and such.. but there's always something. This is my least favorite part of any project is that 99% point cause you're always wondering what's left even though there might not be anything, but at the same time, there's always something.

 

This site is pretty extensive and there's a lot of things to test. I don't think my company can afford to do it and I also don't know how good an idea it'd be for me to do it since I've been working on it for so long. I know what to do and what not to do.

 

Should we tell these guys to hire some beta testers to thoroughly test and document it or what do you think?

Have you ever hired beta testers?

 

And when I say it's a big site, I don't mean like a forum is big.. It's like extensive like a community site mixed with e-bay would be.. so there are a lot of bases to cover (one of the reasons I don't want to do it.)

 

Thanks!

[adam291086]

if you have clearly stated that you have not tested this, then the problem is the companies. You can suggest to hire some testers. If they chose to ignore you, then it's their problem and not yours. It all depends on the contract between you and the client.

 

If you have said you will test it, then it is you obligation to test. If the site is hacked then you are to blame and people start sueing.

[cooldude832]

It really depends on how your contract is with them.  For some people I have to guarantee working to the specs we agreed at the initial start of a project, for others its distributed As-IS for others I make it as I can, then there team takes it over from there and ask me questions about portions  of it.  You need to figure out which class you fall under, if you are sppose to be giving a finalized project then you should absolutely get some peopel to monkey with it and try and break it, and charge the company for it.

[mattkenefick]

Cooldude makes a good point. We could hire , and "hire", some people to try to take it down then charge the company.

 

I don't think that we have any agreement about testing it. I mean, of course I've tested it as I've been going pretty thoroughly but there's always something. Cause even though I've done the on site tests like injection, session hijacking and such.. I didn't do any like, raw data posts to it.. or ddos attacks or anything like that.

 

I feel bad giving it to them because I've grown so attached to the project but *sigh* it's all grown up now.

[AndyB]

Sounds like a MicroSoft product - rush to release, 'most stuff' has been tested, let the suckers who buy it find the hidden bombshells, etc.  Then offer an upgrade to Version 2.3.2.9 at 'nominal' cost.

 

Seriously, if this is a 'big' application then user-testing AND usability testing surely are part of any contract.  Did the client expect it to work? Did the client expect normal humans (and all their fallabilities) would be able to use the site successfully? Is there an implied "fitness for purpose intended" in the contract?

 

The "I know what to do and what not to do" strongly suggests that user testing is essential - un-prompted user testing that is.

 

if you have clearly stated that you have not tested this, then the problem is the companies.

 

I'm surprised that anybody would advise a purchaser that it hasn't been tested. Why would they accept it?  Perhaps, you can document the testing that HAS been done, and offer some suggestions on further testing that might be valuable (at some cost) if the client thinks it necesary.

[revraz]

And how would you feel if you bought something that didn't work?

 

I don't think that we have any agreement about testing it. I mean, of course I've tested it as I've been going pretty thoroughly but there's always something. Cause even though I've done the on site tests like injection, session hijacking and such.. I didn't do any like, raw data posts to it.. or ddos attacks or anything like that.

 

[tinker]

a good business grows on reputation, tell em what youve done, that everything youve done has had this in mind and that you'll continue to do so when time is appropriate or if they inform you about anything. What could be worse then you nt being their pal frank and then they get hacked, lose loads'a money and never come back to you again whilst trashing your reputation. If your upfront you never know they might just give you extra money and say can you 'manage' the testing and also be extremely pleased with the professional little baby youve popped out and recommend you to all their associates, then you retire with lotsa lovelies and goodies whilst relaxing on the beach!

[mattkenefick]

I have certainly tested it and the entire operation works. I wouldn't build something that didn't work. I've spent a long time on it and its practically my baby.

 

One of the problems is that the boss undershot the price on this by a mile, the client kept adding and we shouldn't have accepted their requests, now they are getting eager for it and want it released.

 

The issue is that if I hand it over to them to have them beta test, then they might just skip it and release it. But we can't hold this in our court much longer since we have already gone over on what we should have done. The entire thing works and everything I can think of is sealed up.. but if it were like that, nothing would ever get hacked or have errors.. And this is gonna take more than 1 or 2 people to test, which is all we have available here.

 

I'm certainly not releasing a faulty product.

[tinker]

install a test version online somewhere, post about it here and let the hordes at it, first time I did I had over 30k hits in 24 hours, very funny reading the logs...

[revraz]

There is something called Client Review.  What you do is allow them to use it and take note of anything they find wrong.  If you've done your best in checking it, and they also check it and approve it, then it's all good.  Anything that is found after that is not covered under the contract (I hope you have one), should be a billable item.

[mattkenefick]

Well.. I know about Client Review and everything. This isn't freelance work or anything, it's a legitimate business that really puts out for high end clients. But the issue is that my bosses ( like almost everyones ) don't really understand the work that me and my team does. They know its programming, but to get into detail would be a waste of breath so they don't understand threats.

 

The client is like.. Beverly Hills middle aged men with extra cash to spare and a ripped-off idea. They wouldn't know what to look for if I put their face in it.

 

I know that we can say "You approved".. But I don't want to just see this site fall to the hands of hackers or whatnot especially since I built the whole thing myself. You know? I might have a run on here perhaps.

[fenway]

Just get another bunch of programmers / developers to try and break it... as for the small stuff, that will come up no matter how many times you test it.

[s0c0]

Well there will be bugs, bugs even after being beta tested.  If you don't get it beta tested just hope that you found all the nasty an demoralizing ones.