Aside from tools, TechExcel’s Hammon believes that as teams start to get smaller and more connected, they lose sight of great test planning, and that’s where organizations can improve. Test plans need to consider the multiple platforms the apps are going to run on, how they are going to solve the problems that arise with the different platforms, and how to get adequate coverage on them, he explained.
The software testing industry is advancing, but it isn’t finished yet; this is only the beginning, according to SOASTA’s Lounibos. “Ultimately all of us are dramatically changing the technologies and the approaches of delivering quality user experiences,” he said. “The focus is all about the user experience; it is all about the customer experience. That is the biggest driver of all because you have so much revenue associated with getting it and doing it right. We are only in the first inning of this whole new evolution of how we test applications.”
Staying out of the headlines
Almost every month or every week, a new headline comes out about the latest software vulnerability that sends security researchers into a frenzy. But software security is just as much the responsibility of the software testing team as it is of the security team, according to SOASTA’s Johnson.
“One of the challenges I have had with the testing community is that mentality of ‘Oh, it’s not my problem at the end of the day,’ but it is,” he said. “It is important for the growth of the testing industry for testers to really take ownership that they work for a company that is selling or delivering a service.”
First and foremost, testers need to be aware of known vulnerabilities and run security tools against every build looking for them, according to Orasi’s Billingsley. “There is no excuse for a SQL injection hack,” he said. “That is so well known and there are so many good tools to find that. It should be a thing of the past.”
But going beyond known vulnerabilities is where making sure software is secure becomes tricky. When it comes to security, testers need to put their black hats on and think like a hacker, according to Rogue Wave’s Cope. To think like a hacker, testers need to understand how hackers operate. He explained that testers should take a look at the stories that come out about hacks, try to figure out the root causes, and then try to reproduce them.
“Don’t necessarily listen to these developers who say, ‘Well this part of the code is good,’ ” said Cope. “Assume it is all vulnerable all the time, and try to be malicious with the code.”
As hackers get more and more intelligent, companies should also set aside some time for testers to stay on the cutting edge of what hackers are up to, according to TechExcel’s Hammon. He explained that being aware of what is going on outside of an application and being aware of new security issues is an important part of being a software tester.
“Make sure that if something is changing the way a browser works, and you are using plug-ins, that may not be caught by the development team,” said Hammon. “Hopefully the QA team has educated themselves to make sure that they are catching those issues.”