By Andréia Ribeiro
Applying Session-Based Test Management (SBTM) in a banking application
During a Software Testing Mentorship led by Júlio de Lima, I participated in a group challenge focused on applying structured exploratory testing in practice.
The activity was based on Session-Based Test Management (SBTM), a methodology introduced by Jonathan Bach and James Bach, and aimed to demonstrate how exploratory testing can be both flexible and accountable.
Here I share how we approached the testing process, the issues we uncovered, and the key lessons learned from this experience..
First, what is SBTM?
Session-Based Test Management (SBTM) is a structured approach to exploratory testing that combines the freedom of exploratory testing with the accountability and traceability usually associated with scripted tests. Unlike traditional testing, where the focus is on predefined test cases, in SBTM the main unit of work is a testing session. This makes it particularly suitable for complex or rapidly changing applications where creativity and adaptability are key.
Each testing session is designed to be:
Mission-driven (charter): Every session starts with a clear goal or charter, defining what the tester intends to explore. This keeps testing purposeful and aligned with project priorities.
Time-boxed: Sessions have a fixed duration, typically between 60 and 120 minutes, which encourages focus and prevents over-investment in any single area.
Reportable: Each session concludes with a concise report summarizing findings, risks, defects, and observations. This ensures transparency and enables review and collaboration across the team.
By structuring exploratory testing into defined sessions, SBTM provides a balance between freedom and discipline. Testers can think critically and explore creatively, while managers and stakeholders can track progress, review evidence, and maintain confidence in the quality of testing performed. In short, SBTM transforms exploratory testing from a purely informal activity into a repeatable, measurable, and highly effective QA practice.
Test Context
For this exploratory testing exercise, our team chose to apply Session-Based Test Management (SBTM) to a web-based banking simulation application, which we’ll refer to as Banco-Web. The application included key functionalities commonly found in online banking:
- Login – user authentication and access control
- Transfers – sending money between accounts
- Token validation – security measures and multi-factor authentication
- Transfer list – viewing past transactions and history
- Risks – potential areas where the application might fail or behave unpredictably
- Defects – functional issues and inconsistencies
- Questions & observations – areas requiring clarification or improvement
In our SBTM exercise, each testing session followed a clear and consistent structure inspired by Jonathan Bach’s guidelines. The general layout looked like this:
Session Info:
- Start date and time
- Tester’s name
- Module or feature being tested
Test Charter:
- Clear mission describing the focus of the session
- Heuristics or guiding principles, such as:
General heuristics: CRUD operations, data persistence, interruptions
Data type attacks: value formatting, insufficient balances
UI tests: pagination buttons, page refresh, responsiveness
Business rules: token requirements, authorization flows
- Questions to investigate and goals of the session
Session Size:
- Duration (typically 60–120 minutes, but flexible for each member determine the time)
Notes / Observations:
- Key findings from the session
- Information and potential risks noted during testing
Defects / Issues:
- Bugs identified during the session
- Usability or functional inconsistencies
Questions / Clarifications:
- Follow-up questions about expected behavior or system standards
My Testing Session
Module: Transfer List
Charter: Explore the transfer list functionality, focusing on:
- Pagination
- Data consistency
- Real-time updates
- Token feedback
Techniques Used:
- CRUD heuristics (create, read, persistence)
- Data validation (formatting, balance rules)
- UI/UX exploration (pagination, responsiveness)
- Business rules validation (token requirement)
During a 60-minute session, I performed multiple transactions across different users and scenarios to observe how the system behaves under realistic conditions. This approach allowed me to uncover both functional issues and usability gaps, while applying structured exploratory testing to maintain focus and traceability.
Key Findings
🔴 Defects
- Pagination issue:
The “next page” button becomes active, but navigating to it displays an empty list, indicating a flaw in item count logic.
Values are displayed as R$ 3450.00 instead of the expected Brazilian format R$ 3.450,00.
Bank app from Software Testing Mentorship with Julio de Lima
Account balances only update after refreshing the page, suggesting a missing reactive front-end or backend communication issue.
4.User data inconsistency:
After switching users, the transfer list still displays previous user data, indicating a serious data isolation issue.
Risks
Lack of token feedback:
Transfers requiring a token provide no clear visual indication that the token was used.
Pagination visibility issue:
New transactions only appear on the first page, making them invisible if the user is browsing other pages.
Questions Raised
Should balances update in real time after transactions?
What is the expected behaviour for pagination when new data is added?
Is the currency formatting aligned with locale standards?
What I Learned
This experience reinforced several important testing principles for me personally:
Exploratory testing can be structured without losing flexibility – SBTM allowed me to explore freely while staying focused.
Time-boxing helps maintain focus and productivity – short, defined sessions encouraged disciplined exploration.
Lightweight documentation can provide strong traceability – session reports made findings easy to share and review.
Testing is more than finding bugs – it’s about understanding risks, system behavior, and potential usability issues.
At the same time, as a team, we also learned valuable lessons:
Exploratory testing benefits from structure – charters, time-boxing, and reporting provide clarity and measurable progress.
Realistic scenarios uncover hidden issues – simulating real user workflows revealed edge cases that scripted tests might miss.
Collaboration amplifies understanding – sharing session results improved collective awareness and highlighted patterns across the system.
Balance of freedom and focus is key – SBTM lets testers think critically and creatively while staying aligned with project goals.
Key Takeaways
Overall, the exercise highlighted how structured exploratory testing bridges individual critical thinking with team alignment, making testing more effective and insightful.
Why This Matters
Applying SBTM in practice showed that structured exploratory testing can efficiently uncover both functional defects and usability issues. It also emphasized the importance of:
- Thinking critically about system behavior
- Identifying risks beyond obvious failures
- Communicating findings clearly and effectively
Before this experience, I viewed exploratory testing as informal and difficult to measure. Now, I understand that with the right structure, it becomes a powerful and efficient testing approach.
Moving from Learning to Thinking Like a QA
More importantly, this challenge helped me transition from simply learning testing concepts to thinking like a QA professional. The combination of structured thinking and exploratory freedom is a skill that is critical for any QA engineer, enabling testers to deliver meaningful insights, ensure software quality, and collaborate effectively within a team.
Acknowledgements
This exercise was carried out in collaboration with Arthur Vieira, Patrícia Maforte, and Sandra Barros.
References & Links
Full Report: Available on GitHub – QA Projects / QA Mentorship Challenge
Article: Session-Based Test Management by Jonathan & James Bach
Mentorship: Software Testing Mentorship with Julio de Lima
Comments
Post a Comment