This year had its fair share of breached enterprise networks and software glitches. From more than 38 million Adobe passwords being compromised to the embarrassing launch of HealthCare.gov, software developers were left scratching their heads on how to improve the quality and security of their programs.
The year started off with a stronger focus on testing. In January, Coverity (a development testing tool provider) and SQS (a software quality and testing services provider) teamed up to expand traditional software testing upstream into development. The new partnership combines SQS’ knowledge in quality process improvement through the software development life cycle with Coverity’s technology in order to help companies build efficient software quality-testing processes and prioritize spending.
Throughout the year, many companies began releasing new testing systems. In February, Seapine released the Defect Scribe testing service to help developers do better manual and exploratory testing. Zeenyx released an automated software testing tool, AscentialTest version 6, in June. In October, Load Impact released an automated Server Metric Agent to help developers detect, measure, analyze and predict server performance problems within applications and websites.
But even with new testing strategies, software security was still compromised.
In March, the RSA Conference in San Francisco focused on traditional security practices over hot new inventions. The conference also addressed issues of security within the cloud. SafeNet’s CEO Dave Hansen said the problem is that there isn’t enough encryption in cloud-based data-driven applications, and that companies don’t decide to encrypt their cloud data until after they’ve been breached.
By May, free online training courses were being offered by SAFECode in an attempt to close the gaps in security engineering knowledge.
May also brought a new risk to app security. According to the Open Web Application Security Project’s (OWASP) Top 10 list for 2013, the newest risk to app security is using components with known vulnerabilities. This highlighted the importance of developers using secure components to avoid exploitation by hackers. Jeff Williams, founding member of OWASP, advised developers to always keep their components up to date in order to avoid using vulnerable components.
After more than 38 million encrypted passwords were stolen from Adobe, Carnegie Mellon University revealed a new password system to address the growing security breach problem. It developed a system called Generating panOptic Turing Tests to Tell Computers and Humans Apart (GOTCHA) that uses inkblots and phrases to increase security beyond encryption and hash functions.
The year ended with a strong emphasis on continuous testing, from development to production. Testing throughout all stages helps prevent performance bottlenecks and assures quality software, according to Tom Lounibos, CEO of SOASTA, a cloud and mobile testing company.
Parasoft promoted continuous testing with its September release of Service Virtualization, an automated infrastructure for continuous testing. Testing early and often reduces risk exposure and brings quality functionality to the market faster, according to Parasoft’s chief strategy officer Wayne Ariola.
And finally, in November, SOASTA revealed 10 tips to improve user experience and application performance, with each putting a strong emphasis on testing at every stage.