Skip to main content
Cover image for The Art of Exploratory Testing: Finding Bugs Scripts Miss
QA testing guide

The Art of Exploratory Testing: Finding Bugs Scripts Miss

Master session-based exploratory testing with charters, heuristics, and tours to uncover bugs automation can't catch.

ReleaseLens Team 📖 6 min read

🔍 Why Automated Tests Aren’t Enough

Automated test suites excel at verifying known behaviors. They confirm that the login form accepts valid credentials and rejects invalid ones. What they cannot do is notice that the password field’s error message overlaps the submit button on a 375px viewport, or that typing a Japanese character into the search bar causes a 3-second UI freeze.

Exploratory testing fills this gap by combining simultaneous learning, test design, and execution. The tester investigates the application without a predetermined script, using domain knowledge and heuristics to probe for unexpected behaviors. James Bach and Michael Bolton, who formalized the discipline, define it as “simultaneously designing and executing tests to learn about the system through exploration.”

The critical distinction: exploratory testing is not ad-hoc clicking. It’s a structured, accountable practice with defined techniques for planning, executing, and reporting.

📋 Session-Based Test Management (SBTM)

Session-Based Test Management gives exploratory testing the rigor it needs to be taken seriously in sprint planning. A session is a focused, uninterrupted block of testing with three components:

  • Charter: A one-sentence mission statement. Example: “Explore the checkout flow using saved payment methods with expired cards to discover how the system handles payment failures.”
  • Time box: Typically 60–90 minutes. Shorter sessions (25 minutes) work for focused investigations; longer sessions lead to fatigue and diminishing returns.
  • Debrief: A 10-minute review after each session where the tester reports findings, notes areas not yet explored, and proposes follow-up charters.

Jonathan Bach’s original SBTM metrics remain useful: percentage of session time spent on charter vs. opportunity (unplanned investigation) vs. setup. A healthy session is roughly 80% charter, 15% opportunity, and 5% setup. If setup consistently exceeds 10%, your test environments need work.

Write charters that are specific enough to guide focus but broad enough to allow discovery. “Test the app” is useless. “Test the dashboard with 10,000+ records to explore performance degradation and rendering issues” gives the tester a clear direction while leaving room to follow interesting threads.

🧭 Testing Tours: Systematic Exploration Patterns

When you’re new to a feature or product area, testing tours provide structured paths through unfamiliar territory. Michael Kelly and James Whittaker popularized several tour types, each designed to surface different classes of bugs:

The Feature Tour walks through every visible feature in a section, exercising each control at least once. This catches basic functional gaps — buttons that don’t respond, dropdowns that load empty, toggles that don’t persist.

The Architecture Tour follows data through the system’s layers. Start at the UI, trace the API call in the network tab, check the database record, verify the cache, and confirm the response. This tour surfaces integration bugs: data that saves in the UI but doesn’t reach the database, timestamps stored in the wrong timezone, or API responses that the frontend silently ignores.

The Data Tour pushes boundary values through every input: empty strings, maximum-length strings, Unicode characters, negative numbers, zero, extremely large numbers, SQL injection patterns, and HTML tags. This is where you discover that a phone number field accepts 500 characters, or that pasting an emoji into a SKU field crashes the inventory sync.

The Antisocial Tour deliberately violates assumptions. Disconnect the network mid-save. Open the same record in two tabs and edit it simultaneously. Change the system clock to a date in the past. Revoke permissions mid-workflow. This tour surfaces the bugs that haunt production at 2 AM.

🧠 Heuristics for Spotting Bugs

Heuristics are cognitive shortcuts that direct attention toward likely problem areas. Two frameworks are particularly valuable:

HICCUPPS (James Bach) evaluates consistency across seven dimensions: History, Image, Comparable products, Claims, User expectations, Product itself, Purpose, Statutes. When the application behaves inconsistently with any of these oracles, you’ve likely found a bug. For example, if the settings page says “Your data is saved automatically” (Claims) but you lose unsaved work when navigating away (Product behavior), that inconsistency is a reportable defect.

FEW HICCUPS extends this with three additional oracles: Familiarity (does it work like similar things you’ve used?), Explainability (can you explain why it works this way?), and World (does it align with how the real world works?). If a calendar app lets you schedule a meeting on February 30, the World oracle catches it.

In practice, carry a mental checklist: after each interaction, ask yourself, “Is this consistent with what I expected? With what the documentation says? With how the rest of the app behaves? With how competitors handle this?”

📝 Note-Taking That Makes Findings Actionable

The value of exploratory testing evaporates if findings aren’t captured in enough detail to reproduce and prioritize. Effective session notes include:

  • Timestamped observations: “14:23 — Clicked ‘Export CSV’ with date filter set to last 90 days. Spinner appeared for 47 seconds. Export completed with only 30 days of data.”
  • Screenshots and screen recordings: Tools like Loom or built-in OS recording capture the context that written descriptions miss.
  • Environment details: Browser version, viewport size, OS, user role, data state. A bug that only appears in Safari with a free-tier account needs those specifics to be actionable.
  • Severity assessment: Distinguish between “the button color is wrong” and “the payment processes twice.” Your debrief should prioritize findings by user impact.

Tools like Rapid Reporter, TestBuddy, or even a simple markdown template in your IDE keep notes structured without slowing you down. The key is capturing enough context during the session that you don’t need to reproduce the issue to write the bug report afterward.

🤝 Pairing Exploratory Testing with Automation

Exploratory testing and automated testing are not competitors — they’re complements. The most effective quality strategy uses exploratory testing to discover bugs and automation to prevent regressions.

After an exploratory session surfaces an edge case, write an automated test that locks in the fix. If your data tour reveals that the API returns a 500 error when the quantity field is zero, that scenario belongs in your integration test suite permanently.

A practical workflow: run one exploratory session per sprint per major feature area. Each session generates 3–8 findings. The critical findings get fixed and covered by automated tests. Over time, your automated suite grows to reflect real-world edge cases rather than just the happy paths the developer imagined during implementation.

Track your bug escape rate — the number of production bugs found by users versus found internally. Teams that invest consistently in exploratory testing typically see bug escape rates drop below 15%, compared to 30–40% for teams relying solely on automated checks.

Want a professional assessment of your testing strategy’s blind spots? A ReleaseLens QA Audit evaluates your test coverage, exploratory practices, and CI pipeline to pinpoint where critical bugs are slipping through.

Back to all articles

Want an expert review of your product?

Professional QA, UX, CRO, and SEO audits. Delivered in 5–10 days.

View audit services Talk to us