Automated API Testing Helps the Netherlands Secure a Nationwide ID System
The Netherlands recently rolled out a new personal identification system, dubbed the Citizen Service Number (CSN), on a nationwide basis. The CSN is used by health care organizations, governmental entities and immigration officials to ensure proper identification and enable the provision of relevant services.
Considering the importance of this advanced system to the welfare and support of all citizens, the Dutch Ministry of Internal Affairs, which was responsible for its roll out, focused on ensuring that the system’s performance was exceedingly high. Fortunately, the ministry was able to meet its ambitious objectives within a demanding time frame.
Using the top-ranked functional test automation / API testing tool, the organization reduced testing time for new releases of CSN from three weeks to just one day. This enabled the ministry to accelerate the project’s completion while maintaining top levels of software quality. Through regression and load testing, the organization has certified the system’s ability to handle 100 million transactions a year with a peak load of 200 transactions per second.
Challenge: Build a Robust and Secure CSN System
When the Dutch government decided it needed a new system for integrating and managing citizen records and information for identification purposes, it turned to the Ministry of Internal Affairs. The organization, one of 13 government ministries in The Netherlands, is responsible for ensuring the integrity of personal records and documents including travel documents and passports. Agency BPR, a unit overseeing personal document management within the ministry, was given the task of designing, developing and certifying a new system that could handle this momentous task.
The high profile initiative, which would be known as the Citizen Service Number (CSN), demanded that the ministry build a highly robust and secure system within an aggressive timeframe. Not only will performance of the system be closely observed upon roll out, expectations will be extremely high. There is little margin for error. Given these requirements, the ministry recognized early that it would need to take an advanced approach toward software quality management.
Clearly, the stakes were high. “This was going to become the only identification number for citizens of The Netherlands,” says Hedde van der Lugt, the CSN project leader in Agency BPR. “It needed to enhance the efficiency of government and improve services to citizens. We were responsible for ensuring the integrity of the system.”
At launch time, the initiative’s project team was clearly off to a successful start in terms of its programming efforts. It was software testing that needed to be rethought. Test data was being laid out in Excel spreadsheets, which then had to be laboriously copied into current testing tools for regression and load testing. “We released software quickly, but testing was slow in relation to release frequency,” adds van der Lugt. “We needed a testing solution to help us gain time.”
Given the manual nature of existing approaches, it was taking more than three weeks to complete all functional tests. That was an unacceptably slow pace. So, the ministry’s system development team began exploring other alternatives.
Action: Selecting an Automated API Testing Tool that Suited Their Needs
In a thorough assessment of market options, Agency BPR examined proprietary and open source products from an array of sources. It considered multiple technical and security criteria. It also looked at the availability of local service and support. Finally, it took pricing and cost effectiveness into consideration.
Ultimately, the unit concluded that Parasoft’s API Testing solution was the appropriate solution to its challenges. Other tools required extensive scripting or performed poorly in relation to SSL security protocols, or simply cost too much to license.
The Parasoft API Testing solution enabled the effective automation of performance, stress and load testing – critical to ensure the robustness and security of the system. “Parasoft’s API Testing solution was clearly the easiest product to work with,” says Martin Folkerts, the project’s test coordinator. “That was a key issue for us. The users of the testing tools were not programmers. We knew the tool had to be very user friendly.”
The ministry chose to apply API Testing in multiple ways. First, the development group conducted regression tests, ensuring no defects had been introduced in new versions and that previously verified code continued to meet its specifications. Second, they performed load and stress testing to ensure that the system was robust enough to meet exacting demands. Finally, they completed functional testing once their application development partner completed each new release.
Using this test automation, new releases installed in production are accessed by a 10 minute “go, no go” test run to determine the correct installation in production. If there are errors that remain to be corrected, the software code can be sent back to the partner. But if the release is demonstrably stable and secure, then it is incorporated into the system.
Folkerts describes the actual deployment of Parasoft’s API Testing solution as “very easy.” As he explains, “The only thing we had to do was put the test data in a format that the solution could easily read. Then, I made a document explaining Parasoft’s API Testing solution to our team in a couple of days. It was a fairly easy transition. Before this, the testers had to do a lot of copying and pasting so they were very happy with this new approach.”
Results: Speeding Up the Software Development Lifecycle
The payoffs associated with the Parasoft investment have proven very significant. Most importantly, the introduction of Parasoft’s API Testing solution reduced functional testing periods from three weeks to merely one day. “The software offered us significant gains in productivity,” says van der Lugt. “We could generate many more release test cycles within a given timeframe.”
Indeed, the ministry’s development team also saw the productivity of its testing group rise measurably. “The work changed from manual labor to the development of interesting test cases,” says Folkerts. “A lot of manual labor disappeared and was outmoded. This enabled us to speed up the development cycle. We could now generate a release every three days instead of every three weeks.”
Such efforts represented huge wins for the ministry charged with the monumental task of rolling out the new system to serve 16 million Dutch citizens. Through a combination of regression, functional and load testing, the organization has certified the system’s ability to handle 100 million transactions a year with a peak load of 200 transactions per second.
Parasoft’s automated testing infrastructure enabled the ministry to easily leverage functional test cases into load tests to simulate a realistic load on the system. The development team’s ability to perform high quality load tests in an automated fashion, meanwhile, clearly accelerated the project’s completion.
“It’s essential that the integrity of the system is guaranteed,” says van der Lugt. “We believe Parasoft’s API Testing solution has helped us to guarantee 100% reliability of this system in a more rapid fashion than otherwise would have been possible. It’s a valuable product that has covered all our needs.”
Parasoft’s industry-leading automated software testing tools support the entire software development process, from when the developer writes the first line of code all the way through unit and functional testing, to performance and security testing, leveraging simulated test environments along the way.