Why do we need test automation?

Manual testing is all about executing test cases by hand, without the support of any tools or scripts.
Automated testing, on the other hand, allows us to execute these test cases faster and more simply with the help of various tools, scripts, and software.

For the large number of organisations embracing Agile working practices, end-to-end automation and DevOps it’s becoming necessary to fully automate and streamline testing to be able to keep up with the pace of change. Automated testing is especially helpful in situations where the code changes frequently or when using a varied infrastructure landscape. This is something I experienced first-hand when working on the Sandhata Bank project.

Benefits of automated testing

• Speed: By removing manual steps, the execution process can be 1000’s of times faster.
• Reusability: Automated test cases can be reused/rerun with just a single click.
• Quality: Automation ensures that the test coverage is always as complete as possible, and helps to identify bugs early in the development process.
• Efficiency: The ability to run tests simultaneously means shorter test cycles.

Things that fascinated me in automation testing

RIT makes it possible to execute test steps automatically without any manual tasks. To do this, we use a programming approach to emulate a user’s interaction with an application, and then verify the test steps using various programming assertions. The range of features and functions available nowadays to validate test steps I find incredible. They really allow you to automate pretty much everything that is needed to probe and analyse code in a great deal of depth. We have come a long way from the early days of test automation with just basic comparison features.

When I first learnt about the concepts of Service Virtualisation (SV), I was bowled over by the possibilities it can provide. As I gained a deeper understanding of how it all works, I could fully appreciate the power of SV and its potential impact on a software project.

In my view, if harnessed correctly, SV really has the capability to eliminate bottlenecks in software delivery and increase the speed of change – by removing pretty much all dependencies.

Test automation types and tools

Most recently, I have been able to work on the whole range of testing for the Sandhata Bank project: unit testing, system integration testing, system testing and load testing. (Read more about Sandhata Bank and our DevOps Innovation platform here.)

Initially, we built all of our test harnesses using RIT, then implemented Service Virtualisation with RTVS (Rational Test Virtualisation Server) to remove dependencies and create full end-to-end automation so we could achieve Continuous Delivery. Since then, I have used several other tools for automated testing – including Selenium, Junit, and Karma.

The test automation difference

The biggest difference of test automation is in the ability to launch all the necessary testing functions at just the click of a button. Removing the need for manual steps helps to streamline the process and returns the results quickly. What’s not to like?

Curious about working at Sandhata?

Take a look at our Openings page or download your copy of our Career Guide to start your own journey in test automation or any of the other exciting areas we operate in.

The post My test automation journey appeared first on Sandhata.

This means that the security testing, validation and approvals must be automated and able to evolve with your changing application.

Continuous Security Testing

New tools are constantly being released, providing continuous security testing capabilities. Here at Sandhata, we wanted to incorporate continuous security testing into our evolving demonstration application, Sandhata Bank, which runs on our live DevOps Innovation Platform. Part of my role in this project was to research and try out different security testing tools; both open source tools as well as those commercially available.

Tools overview

This is a summary of the tools I looked into, and how we have used them in the Sandhata Bank application.

1. Container Security

Twistlock is a tool focused on container security testing, designed to integrate in an automated way into the end-to-end delivery lifecycle. It offers vulnerability detection, container hardening, compliance enforcement, active threat protection and runtime policy enforcement.

For the Sandhata Bank application, we think that Twistlock is a good choice for container security in our Docker containers. It is on our roadmap to implement Twistlock in a future phase of our Sandhata Bank project.

2. Web Application Security – Static Code Analysis

SonarQube software is an open source quality management platform, built to continuously analyse and measure technical quality. It generates a report showing vulnerabilities, which can be integrated with various tools. There are plugins, for example FindSecurityBugs which can be executed using SonarScanner.

For Sandhata Bank, we implemented Sonar right at the beginning of the project, and it provided us with a way to continuously enforce our coding standards. We have since incorporated other aspects of Sonar, including FindSecurityBugs to continuously analyse the security status of our releases and alert us to any vulnerabilities.

Veracode is a licensed platform covering complete application security, focusing on automation, process and speed. It includes tools to find and fix vulnerabilities in software at every point in the development lifecycle and also offers web application scanning to help catch exceptions, which automated testing could have missed.

We decided to implement SonarQube in favour of Veracode as it seemed a better fit for our purposes. SonarQube had a plugin to integrate with Jenkins, and allowed configuration through the Jenkins UI, which Veracode did not.

Also, SonarQube was able to scan through code to identify vulnerabilities before the code was compiled, so we could incorporate security scanning tight at the start of the CI process.

3. Dynamic Code Analysis

Vega is a free, open source scanner and testing platform to test the security of web applications. The automated scanner crawls websites, extracting links, processing forms, and running modules on possible injection points to submit requests that fuzz parameters, amongst other things.

We haven’t implemented Vega yet as we have focused on enhancing other areas, but this tool is on our list of potential features to be added in future.

Vaddy is an automated web vulnerability scanner with strong CI support. Vaddy gives insight into the security of web apps and easily hooks into the standard deployment process to effectively detect vulnerabilities and deal with them before they become entrenched in the code.

For Sandhata Bank, we decided that Vega was better suited to our needs at the moment, as it is able to perform faster scans than Vaddy – and it is open source.

Going forward

We are continually extending our Sandhata Bank application to incorporate new features and solutions. For more information on the live DevOps Innovation Platform, or to request a personalised demo, contact us today!

Want to know more?

Take a look at the Platform page or contact us on +44 20 7680 7105 for a no-obligation product review.

The post Implementing continuous security appeared first on Sandhata.

A passion for technology

Technology has always fascinated me. There is something almost tantalisingly powerful about it that draws me in. So, entering into IT was a choice I made purely out of passion – unlike countless others. I’ve was pretty sure about this choice even in high school and I have not regretted it once.

From high school to college

As I’ve always been pretty strong-minded about my goals, choosing a focus in high school was a piece of cake. Two years of dedicated hard work later, I secured the score I wanted and then decided to continue my learning journey. I started pursuing B-Tech IT at Panimalar Institute of Technology.
For me, as for most people, the college years were the best times of my life. College taught me all I needed to know to start off a career in the realm of IT, equipping me with sound knowledge in UNIX, Java, JMS, and admin support. I trained to become a software test engineer working on various stages of testing across the project lifecycle.

Choosing a specialism

If there was one thing I was sure about, it was this: The world outside of college – especially the world of software engineering – is peppered with competition. I knew I needed a little something “extra” to create a place for myself in the job market. I spent a reasonable amount of time researching and exploring the options available to me, and eventually narrowed it down to the field of Analytics. Hence, I went for a post-graduation in Business Analytics at SSN College of Engineering. That’s where I was introduced to the world of Big Data Science; the art of interpreting numbers and coming up with innovative solutions to various data related issues. The tools I came to learn included R, SAS, MYSQL, and Excel.

Life and career at Sandhata

I’d done my graduation and post-graduation, both with honours. Now I was equipped to step out into the world.

Being selected to work for Sandhata Technologies has been a bonus in more ways than one. It has given me the perfect head start in my career. Also, as a Sandhata consultant, I’m exposed to an array of responsibilities and diverse experiences. Currently, my work is focussed on testing as a QA Engineer, helping to deliver projects within tight deadlines. I’m learning a wide range of new technologies, and I am already a Certified Associate Developer in RIT.

Life at Sandhata is a mix of wonderful things. There is so much to look forward to. The work culture here is amazing and I’m happy to say that I’m one of those few fortunate people who have managed to make great friends in their workplace. My colleagues are fun and my superiors are very friendly.

Choices make the future

I really must say that so far, the choices I’ve made in my life and career have always led me to where I want to be. From high school to workplace; I’m happy to see how far I have come. But still, my journey has just begun. There are many more cross-roads yet to come, and lots of choices to be made. Whatever our journey looks like, I’m sure we can all learn some valuable lessons along the way – and make the career choices that are the best for us in the end.

Learn more
Want to know more about Sandhata careers, or discuss how we can support you through testing and project delivery? Contact us to have a conversation with me or one of our other experts today!

The post From College to Career appeared first on Sandhata.