Products and sites to practice testing on

A question I see frequently “does anyone have any websites or products I can practice my testing on?”

When you’re starting out, or even trying to develop your skills, it can seem daunting trying to find somewhere safe you can practice. A lot of the examples you find online suggest testing a Google search. Nothing wrong with that but I think we should be able to expand that.

I found Alan Richardsons Technical Web Testing 101 a great resource for expanding the use of Google for practicing testing with Gruyere.

I used a blog post from @friendlytester to practice my automation. I think I hit it about 20 times a day :see_no_evil:

When someone asks me what I’d suggest, the only thing that springs to mind that I’ve not already mentioned is Ticket Magpie.

What sites or products would you suggest for someone getting started in testing to practice on?

30 Likes

https://google-gruyere.appspot.com/
was introduced with the 30 days security testing. It’s similar to Ticket Magpie by @danielbilling

5 Likes

http://the-internet.herokuapp.com is a handy heuristic for triggering test ideas and exploring typical web-based interactions.

12 Likes

API: https://swapi.co/ (though you can only GET) or https://jsonplaceholder.typicode.com/ if you’re feeling technical
Accessibility: https://alphagov.github.io/accessibility-tool-audit/test-cases.html#content

5 Likes

If you want to use an productive API, just try the zalando one. It’s also documented with Swagger. There you can of course only try GET commands, but you can use the zalando website to crosscheck.

https://api.zalando.com/swagger/index.html

5 Likes

I kept some bookmarks of web apps to test against, but I didn’t try any of them extensively… maybe though they will come in handy someday. I will share them here if someone would like to explore them.

https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

https://hack.me/

https://randomuser.me/

https://bdonline.sqe.com/

http://www.getontracks.org/

6 Likes

Oh wow! Great group of resources there. Thank you for sharing :blush:

6 Likes

One more, built for Selenium:

http://automationpractice.com/index.php

5 Likes

Heather suggested I put a link to my API demo in this thread:

https://restful-booker.herokuapp.com

It’s a demo web API packed with features and bugs for you to find. You can use it to practise your API testing skills against or test an API automation framework against.

6 Likes

Here’s a new one:

3 Likes

You can use the presta shop demo site

2 Likes

Are any of these APIs able to handle high load / stress testing I wonder? It would be nice to hone my system somewhere that isn’t going to raise all kinds of red flags in IT; otherwise I’m limited to local containers and after hours.

1 Like

If you like them run locally from a virtual machine (good for practising while travelling/on plane flights etc.) you can try the OWASP Vulnerable Web Apps project VM. Lots of good websites there.

https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

4 Likes

http://zero.webappsecurity.com/

The Free Online Bank Web site is published by Hewlett-Packard, Company for the sole purpose of demonstrating the functionality and effectiveness of Hewlett-Packard Fortify’s WebInspect products in detecting and reporting Web application vulnerabilities. This site is not a real banking site and any similarities to third party products and/or Web sites are purely coincidental.

interesting, and a bit more “business like”

5 Likes

My main concern is that the test target should not go away, and that anything I put onto it should persist.

For that reason, I use GitHub’s REST API and their web UI for my experimental testing (and for testing demos).

Because I’m pointing at a dummy GH project of my own, I can do all POST, GET, PATCH, DELETE, etc., as well as the corresponding actions in the web UI.

3 Likes

For performance tests, according to Quora, there are DigitalToysInc App and BlazeDemo

3 Likes

You can practice ON the web service at http://testcover.com/ It’s a live commercial site – So please play nice, and tell me if you find anything. (Subscriptions are free or paid.)
You can practice WITH the service to generate pairwise test designs, because that’s what it does. Briefly, pairwise designs use a small number of test cases to cover all the interactions between test factors. Usually test factors are configuration settings or test inputs. Examples are operating systems, browsers, application options, etc. There’s more info at the site.

2 Likes

Can also use BlazeDemo for API Functional Testing

2 Likes

You can use http://testingchallenges.thetestingmap.org/ for practice. There are a few testing challenges that I made. They range from web testing to crossword puzzle with testing techniques.

8 Likes

And Now for Something Completely Different

The Swiss are developing an online voting system for testing next year. The invitation below and its pre-registration form are at:

Swiss Post is continuing to develop its online voting solutions for Federal votes and elections.

For its next-generation system, Swiss Post is looking into running a public intrusion test in 2019 under the requirements of the Swiss Confederation and the Swiss Cantons.

Would you like to receive further information? You can now pre-register here below.

Pre-registered researchers will obtain additional information and a link to sign up until the end of 2018 if the public intrusion test (PIT) will be carried out.

Contact: pit@swisspost.ch

1 Like