Eran Kinsbruner, mobile technical evangelist, Perfecto
Perfecto has been playing in this space of software test automation and continuous testing for more than 12 years now, and we have seen so many different organizations of varied maturity levels struggling with continuous testing and just straight test automation. So what we’ve decided in the last year or so is to focus on specific tool suites to help practitioners with different skill sets starting from developers or software test engineers as well as manual business testers, giving them the right tools.
RELATED CONTENT: Testing all the time
If you do not have the skill sets to create test automation in development languages, with Selenium and Appium, we just recently launched Perfecto Codeless. This is a record-and-playback solution for web and mobile testing in the cloud, based on machine learning algorithms that will reduce the headache for maintaining scripts if they change, or if an object has changed. That’s the other level of creation we added, so we can support any level of skill set that you have in your organization.
We also provide a wide range of execution capabilities through CI. We integrate with all the CI servers. We allow you to execute in the cloud on multiple platforms — desktop browsers and mobile native devices — and at the end of the execution, we provide a machine-learning based reporting and analytics solution so you can slice and dice the data. You can get root cause analysis out of each test report at cloud scale.
Mark Lambert, vice president of product, Parasoft
We align Parasoft’s offerings to the testing pyramid. The testing pyramid is advocated by two agile thought leaders, Martin Fowler and Michael Cohn. They talk about organizing your portfolio of tests in a pyramid. Do a lot of unit tests, that’s your base of the pyramid, big and wide. Then you’re going to try to cover as much as possible with those unit tests. Then, you’re going to do API or service-level tests, testing business logic. That’s your middle layer, big, but not as big as unit tests. Then you’re going to minimize your end-to-end UI tests as kind of the small piece at the top, because they’re brittle and hard to maintain, and you have all the external dependency infrastructure. What Parasoft does is we provide technology at each of these layers, so Jtest for unit testing, SOAtest for API testing, and we have technology within SOAtest for web UI testing. Service virtualization helps me take those top two layers of the pyramid and start isolating the code from its external dependencies in a similar way that you would get unit testing at the bottom of the pyramid.
This pyramid gives you a really scalable way of maintaining your testing strategy, but it doesn’t actually address quality. It’s very good for CT, but CT is only part of the solution. CT doesn’t actually help you build quality into the application. What it does is help you detect a problem, and detect it sooner, when it costs less to fix. It’s all about shifting left defect detection. How you build quality into the process is through the use of preventative techniques, such as deep code analysis, and that’s where our language products like Jtest, dotTEST, C++test comes into play. They give you the ability to uncover deep reliability and security issues in the code base before you start testing it in the traditional sense.
Steve Orlando, senior director, product marketing, Mobile Labs
Mobile Labs’ mobile app testing platform, GigaFox helps organizations get started and maintain their continuous testing initiatives in a couple of ways. First, if testers are using Appium for automation, then GigaFox actually comes with built-in Appium, making it even easier for testers to run Appium scripts with faster speed and better performance. In addition, GigaFox enables teams to run more concurrent Appium tests and even makes iOS provisioning fast and easy.
But, even if mobile app dev and QA teams are not using Appium, GigaFox works well with the majority of other commercial and open-source frameworks and tools available for automation. Through easy integration, speed, and management of real devices, GigaFox helps both dev and QA teams streamline and set up an effective continuous testing strategy that works.
Available on-premises or in a hosted environment, GigaFox is the most open and flexible cloud in the mobile space, supporting continuous testing through DevOps integrations and the largest number of third party and open-source tools in the industry.”
Brian Reed, chief mobility officer, NowSecure
The NowSecure automated security testing platform helps organizations overcome the limitations and time constraints of traditional mobile app security testing with the speed, accuracy and integrations required for continuous security testing. NowSecure helps organizations on the journey from Agile to DevOps as they scale to meet the volume and velocity of their business.
NowSecure tests mobile app binaries on real iOS and Android devices using a comprehensive approach of SAST, DAST and behavioral testing and prioritize findings by industry-standard CVSS scores. Automated dynamic and behavioral analysis eliminates the human error and false positives that are typical of manual assessments and source code analysis. The NowSecure solution enables organizations to speed development and delivery by returning accurate testing results in minutes rather than weeks and providing remediation instructions to developers directly into the tools they use.
The NowSecure solution plugs directly into the SDLC, meaning there are no tools for developers to learn. They can configure the NowSecure platform once and run security tests on daily builds in parallel with functional tests. Plug-ins and APIs make it easy to integrate with a myriad of SLDC tools including Archer, Brinqa, CloudBees, CircleCI, Code Dx, Jenkins, Jira, Microsoft Azure DevOps and more.
NowSecure provides interactive dashboards to analyze all app security testing results and trend lines across vulnerabilities, privacy and compliance trends. In addition, NowSecure maps findings to numerous compliance regimes including OWASP, NIAP, FFIEC, PCI DSS, HIPAA, GDPR, CWE, and more. Organizations can also feed testing results into vulnerability and compliance management systems to enable security and risk teams to analyze their overall portfolio.