Service Virtualization, Development Testing, API Testing Tips

Closing the Barn Door on Software Security

Posted on Jan 22, 2015 7:26:00 AM

By Arthur Hicken, Chief Evangelist at Parasoft

This content was originally published on The Code Curmudgeon web site as the second part of a series on what we can do to contain and combat security breaches.

The rash of security breaches continues unabated, especially in the retail sector. It’s getting to the point where I feel like just pulling my money out of the bank and putting it under my mattress. I had slowly transitioned to using my ATM for all my daily purchases and now I’m back to carrying more cash

In this blog, I’m going to layout some of the reasons why we’ve got such vulnerable software today and what we can do about it. 

Let’s start with some of the most common reasons why we aren’t getting secure software. Here’s the short-list in no particular order:

  • Training

  • Security mindset

  • Not required

  • Test-it-in mentality

The list is actually very intertwined, but I’ll try to separate these issues out the best I can. I’m focusing primarily on software security, rather than network or physical. They’re just as important, but we seem to be doing a better job there than in the code itself.
Read More

Topics: Secure Application Development, Static Analysis, Static Code Analysis


Top 10 Development Testing Resources of 2014: Static Analysis, Security, Unit Testing and More

Posted on Jan 15, 2015 9:18:00 AM

Agile and lean methodologies are undeniably here to stay. As organizations look to accelerate the SDLC, the entire team has to contribute to quality. That's where Development Testing comes into play. For both enterprise and embedded development, organizations are increasingly seeking out ways to eliminate the business risk of faulty software by consistently applying software quality practices such as static analysis, unit testing, and code coverage analysis throughout the SDLC.

In case you missed them, here's a recap of the most popular Development Testing resources in 2014:

  1. PC Maker Enhances the Enterprise User Experience w/ Development Testing: A leading PC company wants to reduce field-reported defects for "preloaded" software. Learn how they are using defect prevention practices such as static analysis to accelerate delivery while ensuring high reliability.

  2. How to Improve Software Quality & Shorten Time to Market with PIE: In this on-demand webinar, learn how process intelligence and Parasoft's Process Intelligence Engine (PIE) addresses the gaps that even the best software quality tools can't resolve.

  3. DDJ's Best Testing Tools of 2014: Parasoft Development Testing Platform: "For those companies desiring a comprehensive solution that covers nearly all aspects of testing throughout the SDLC, rather than a series of point products they have to integrate manually, Parasoft delivers a platform that is hard to beat."

  4. Real World Static Analysis Boot Camp: This two-part webinar explores how to turn static analysis from a disruptive task into an integrated process that boosts software quality and team productivity across the SDLC.

Read More

Topics: Development Testing


The Top Service Virtualization Resources of 2014

Posted on Jan 13, 2015 7:18:56 AM

The concept of leveraging a simulated test environment to "shift left" quality efforts has recently gained considerable attention among large enterprise IT organizations. 

Applying a unified service virtualization initiative has proven to be a powerful tool for assisting organizations to accelerate the SDLC:

  • An organization has a single version of the truth, removing the risks created by having independent brittle stubs. Service virtualization introduces an environment-based approach, allowing the entire organization to access common artifacts that represent critical functionality. 

  • Service virtualization allows for much more complete tests to be executed earlier in each iteration, helping the organization discover application or business risks much earlier.  

  • Service virtualization, in conjunction with hypervisor technologies and cloud, have solved the nagging issue associated with test environment access and control, allowing an organization to truly remove the constraints associated with testing and accelerate an application's release cycle.

Over the past years, Parasoft has been heavily engaged with assisting Global 2000 companies to adopt service virtualization technology. Along the way, we've amassed an extensive set of resources to help the industry better understand the challenges and best practices associated with service virtualization and test environment management. Here's a recap of what service virtualization research, white papers, videos, and other resources were most popular in 2014: 

  1. Gartner Research: Service Virtualization: Read this Gartner research for insight on why SV is a "must-have" for accelerating the SDLC, a first-hand look at SV at Comcast, & recommendations for organizations getting started with SV & SDLC acceleration

  2. Retail Case Study: Early, Extensive Testing for Complex, Distributed Systems: As a leading Fortune 500 retailer advances its omnichannel retail strategy, ensuring a positive user experience on the company’s ecommerce site has become increasingly critical. Learn how Service Virtualization helps them ensure that all transactions associated with this ecommerce site meet or exceed customer expectations 

  3. Parasoft Service Virtualization: 30-Second Demo: See how Parasoft Virtualize allows users to create a virtual asset in just thirty seconds.

  4. Service Virtualization, Performance Testing, and DevOps at Comcast: Lessons from Comcast: Explore the latest service virtualization research and learn best practices and benefits of service virtualization from Comcast’s Director of Performance Test.

  5. The Business Benefits and ROI of Service Virtualization: Since software has undeniably morphed from a business process enabler into a competitive differentiator, companies are faced with a daunting task: accelerating application delivery while mitigating business risk. Learn why leading companies are tackling this challenge by using new simulation technologies such as Service Virtualization to "shift left" their quality efforts.

Read More

Topics: Service Virtualization


Top 10 API Testing Resources of 2014

Posted on Jan 9, 2015 8:30:00 AM

With the emergence of the "API Economy," the risks associated with API failure undeniably have broader business impacts. Thus, it's not surprising that throughout 2014 we saw many organizations recognizing the importance of ensuring that the business-critical APIs they produce and consume continuously deliver the expected level of security, reliability, functionality, and performance.

From our 15+ years of experience helping leading companies adopt our industry-leading enterprise-grade API testing solution, Parasoft  has amassed an extensive set of resources to help the industry better understand the challenges and best practices associated with API Testing. Here's a recap of what API testing white papers, videos, and other resources were most popular in 2014:

  1. API Testing – Gartner Research: Read new Gartner research: why success in the "API economy" requires a new approach to quality processes, the business impacts of API failures, and recommendations for service/API testing.

  2. Testing in the API Economy: Top 5 Myths: This paper exposes the top 5 API testing myths and explains what's needed to ensure application security, reliability, functionality, and performance in the API Economy.

  3. Parasoft's Latest Release: Integrated Platform for Service Virtualization, API Testing, and Test Lab Management: The latest release of Parasoft SOAtest, Virtualize, and Environment Manager consolidates Parasoft's Service Virtualization, API Testing, and Test Lab Management Platform solutions into an advanced platform for simulating and managing the most realistic test environment possible, while enabling continuous functional and integration testing to accelerate the delivery of safe, secure, and reliable software.

  4. API Testing Tutorial: This API Testing Bootcamp begins by exploring four challenges to API integrity, then presents practical advice on what testers can do to verify that an API achieves the level of security, reliability, and performance needed in light of those challenges.

  5. API Testing and Service Virtualization at Ignis Asset Management: A global asset management company needed to accelerate testing for parallel and Agile development. Learn how service virtualization and API test automation reduced testing time for their regression test plan from 10 days to a half day.

Read More

Top 10 Continuous Testing Resources in 2014

Posted on Jan 7, 2015 8:45:47 AM

As the software delivery conveyer belt keeps moving faster and faster in response to today's demand for speed and "Continuous Everything," it's not surprising that 2014 brought a surge of interest in Continuous Testing. Here's Parasoft's list of the most popular Continuous Testing resources in 2014:

  1. Continuous Testing eBook: Continuous Testing provides a real-time, objective assessment of the business risks associated with an application under development. Learn how in this 44-page eBook. 

  2. [INFOGRAPHIC] Continuous Testing:  This Infographic explains how Continuous Testing helps organizations accelerate the SDLC and release with confidence.

  3. The Relationship Between Risk and Continuous Testing: Learn about the relationship between business risks and Continuous Testing, misperceptions about Continuous Testing, and how it helps both business and technical managers to make better trade-off decisions between release scope, time, and quality.

  4. Manage the Business Risks of Application Development with Continuous Testing: Continuous testing provides a real-time, objective assessment of the business risks associated with an application under development. Ultimately, continuous testing can provide a quantitative assessment of risk and produce actionable tasks that will help mitigate these risks before progressing to the next stage of the software development lifecycle.

Read More

Topics: continuous testing


Service Virtualization and DevOps: Learn from Comcast [VIDEO]

Posted on Dec 18, 2014 8:09:00 AM

Despite turning to agile, lean, or DevOps practices to gain a competitive edge, many organizations are nevertheless stifled by limited test environment access. Teams are forced to make a precarious trade-off between time and quality when it can take weeks to access realistic test environment. 

Service virtualization allows developers and testers to access the exact test environments they need on demand. Organizations are able to accelerate the software development lifecycle and reduce risks with simulated test environments that promote earlier, faster, and more complete testing. 

Watch this  new on-demand Service Virtualization Best Practices webinar to explore the latest service virtualization research and get firsthand best practices and benefits of service virtualization from Comcast’s Director of Performance Test, Frank Jennings.

Read More

Topics: Service Virtualization


Continuous Testing Q & A with Parasoft's Wayne Ariola

Posted on Dec 11, 2014 7:19:00 AM

Stickyminds' Cameron Philipp-Edmonds recently interviewed Wayne Ariola (Parasoft Chief Strategy Officer and co-author of Continuous Testing) about how Continuous Testing provides a real-time, objective assessment of the business risks associated with an application under development and allows both business and technical managers to make better trade-off decisions between release scope, time, and quality.

The interview covered topics such as:

  • The relationship between risks and Continuous Testing
  • Common misperceptions about Continuous Testing
  • Who should care about Continuous Testing
  • How we are all in a new era of testing
  • Why now is the best time in the history of software to be a tester

The following is a brief excerpt from the interview...

 

"There are basically four major points associated with continuous testing. One, is the business expectations associated with that application need to be defined. So the business risk associated with the application, the team, or the release candidate needs to be very well defined. When those business expectations are defined, we are able to act upon them.

Read More

Topics: continuous testing


Service Virtualization Case Study: Cloud-Based Continuous Access to a Highly-Restricted Govt. System

Posted on Dec 4, 2014 7:50:00 AM

An education portal application developed by a European non-profit organization links students to the higher education institutions where they wish to study, as well as to the government agency that helps them finance their education. When educational institutions want to develop and test transactions involving this portal, they need access to the behavior of the interconnected government agency’s system—however, this system is not readily available for testing.

Service Virtualization provides these institutions continuous, secure access to the government system behavior that is critical for completing thorough end-to-end tests against the portal application.

 

Read More

Topics: Service Virtualization


PIE- For Development as well as Thanksgiving

Posted on Nov 26, 2014 5:40:00 AM

parasoft-pie

You wouldn't think of having a Thanksgiving meal without pie... but did you know that that pie can be just as essential for development as it is for a hearty Thanksgiving feast?

In terms of development, PIE refers to "Process Intelligence Engine." PIE seeks out patterns buried in data across disparate systems and delivers an actionable list of findings that are prioritized by the organization’s policies. For example, by correlating static analysis observations with unit test observations, PIE can identify application components that present the most significant risk of failure. 

Leveraging PIE, organizations identify business risks across tools, time and teams, which allows them to discover risks and opportunities that humans would most likely overlook.

Read More

Topics: Development Testing


Real World Static Analysis Boot Camp

Posted on Nov 20, 2014 8:36:25 AM

Get Your Static Analysis in Shape with These New On-Demand Training Videos

Considering the tremendous benefit that static analysis can deliver, way too many organizations undervalue and underuse their static analysis investment.

Want to step up broad static analysis adoption across your organization? Give developers and software engineers some real-world, hands on guidance on how to ensure that it's a help rather than a hindrance.

This on-demand Static Analysis Bootcamp explores how to turn static analysis from a disruptive task into an integrated process that boosts software quality and team productivity across the SDLC. 

Session 1
In the first session, our static analysis expert (the Code Curmudgeon himself) covers:

  • Best practices for integrating static analysis into your workflow
  • How to avoid the everyday mistakes that discourage adoption
Read More

Topics: Static Analysis, Static Code Analysis, Development Testing


Subscribe to Email Updates

API Integrity: Gartner Research

APITestingGartner

Read new Gartner API Testing researchlearn why success in the "API economy" requires a new approach to quality, business impacts of API failures & recommendations for service/API testing.

Follow Me