Application Security Testing: An Integral Part of DevOps
By Nilesh Patel
If you're squeezed for time and you don't have the bandwidth to implement a new automation strategy, it makes sense to consider outsourcing. You can find the right skillset much faster and at a fraction of the price it would cost to recruit and train. The trick is finding the right partner for the job. It's not about issuing orders; it's about outsourcing a partner that can add strategic insight and bring a wealth of experience to the table.
Automate for the Right Reasons
Before we explore how to assess a potential partner, you should stop to consider why you're automating in the first place. Be aware that automation is not going to replace all manual testing. It can shift the burden of repetitive tasks, freeing up your manual testers to focus their efforts where it counts. It also can help to shorten the development cycle and give you a wider range of coverage.
Make sure you understand the delivery expectations and set goals accordingly for the automation strategy. If you're looking to shorten the dev cycle, you need to figure out what the scope is, and understand the technology being used. If you're breaking down repetitive tasks, you need to make sure tests are stable and assess repetitive actions. For wider coverage, you should look at the environment you're using, consider how long the regression cycle is, and take the time to examine which tests are outdated.
Find the Right Partner for You
Before diving into the details and planning out your automation strategy, you want to get a partner onboard. The idea is to leverage their experience to help you come up with a plan that will roll out smoothly and enable you to achieve your goals. To that end, you need to find someone that has successfully implemented test automation strategies before. The more experience they have, the better.
You'll also want to make sure that they have the skillset you need. Can they handle your project and the associated nuances? Draw up a list of essential skills. If you need functional UI testing, automated Web services testing, and performance testing, look for a relevant track record. Experience in your industry also could help them hit the ground running, particularly if there are lots of regulatory considerations.
Another thing to assess is whether they can bring any tools or accelerators with them. If they already have an automation framework or tool that can be integrated with your technology stack, it's going to cut down on ramp-up time, tool investment expenses, and overall disruption to scheduled delivery. When you find a partner that ticks all these boxes, you should sit down with them and begin planning.
Build a Solid Foundation
Begin with a thorough analysis of what needs to be automated. Use mind maps to create a clear picture of where your coverage is lacking, or what can be further streamlined. The idea is to prioritize your automation candidates. You'll want to decide where to start and maintain a backlog that can be cleared down the line.
Tool adoption is going to be very important. You need automation tools that can be integrated with your technology stack. Assess the choices, look at open source versus COTS, and find the best fit. Think of these tools as accelerators that should help you speed up your scripting, your execution, and your reporting.
When you have identified the tools, you can work out execution times and compatibility. Consider visibility between the different groups and ensure you have precise reporting. Are they executable on all your different browser types, devices, or other relevant software?
Take your prioritized list of automation candidates, put it together with your chosen tools, and work out an implementation plan that shows exactly how much effort each script will take to produce. Set up a test environment that mimics the different configurations your company needs. You now have a roadmap in place for a successful rollout.
Build for Refinement
Your test strategy should not be set in stone. It will benefit from refinement and it's going to be much easier to adapt later if you consider this from the outset. Your automation framework has to be extensible. Make sure the design includes easily modifiable scripts. It should be possible for multiple team members to adjust them if required; don't create scripts that only one person understands.
Define your scripting mode and try to implement "self-healing" scripts. You need to be able to run them over and over with minimal input. Think about modularizing and automating common functions, so you aren't reinventing the wheel every time your write a new script. Your execution should be able to handle different logging levels, with error handling built-in, so it cleans up the scripts efficiently.
The right outsourcing partner could be the difference between success and failure. Don't choose someone to implement your strategy; find a partner with experience and a willingness to help you plan a strategy that will succeed.
About the Author
Nilesh Patel is QA Manager at KMS Technology, a provider of IT services across the software development lifecycle with offices in Atlanta, GA and Ho Chi Minh City, Vietnam. He was previously Senior QA Engineer at LexisNexis and, before that, a QA Engineer at Oracle. Prior to Oracle, he was QA Engineer for ChoicePoint and Lead QA Analyst for Revenue Technologies.
Contact him at firstname.lastname@example.org.