Automated Security and Quality Testing
SimplyCubed provides automated application quality and security testing with a focus on API and data protection.
This process starts by understanding the overall application architecture and data classification. We use the architecture for threat modeling to help understand the strengths, weaknesses, and behaviors of the application. The data classification is used to focus efforts on the key areas.
We then continue by building a testing pipeline where speed is critical. Testing speeds are essential to reducing the overall “Time to Respond,” as well as the total operational costs and overhead.
Our key driver is reducing our “Time to Respond” to security and business needs.
With the pipeline in place, we start with a standard set of test cases covering high risk the happy and sad paths. At this phase, we also include public CVE feeds to ensure that any new vulnerabilities are quickly detected even when an application is no longer under active development.
It’s key to ensure that applications are continuously scanned for new vulnerabilities throughout the full application lifecycle.
From there, the development team generally takes over the ownership of the test cases with ongoing support from the Security team. They add new tests when bugs or related vulnerabilities are found. They also remove or refactor unreliable or slow tests. In large applications, this often requires running tests in parallel or grouping tests into Unit, Integration, and Security tests.
If you’d like to know more about how we use automated testing to ensure quality and customer confidence, request a consultation today.