How to Get Security Prioritized in Enterprise Programming

Given all of the intensified attention to security issues these days, it’s surprising how often application security is still neglected. To be clear, in-house app dev is a top priority for companies and app testing has never been neglected. But that testing overwhelmingly focuses on functionality—does the app crash? Does a right-click on the blue icon deliver the desired action?—rather than security. Why is that? Like almost everything else in security, the blame falls mostly on C-level executive priorities. The CEO and other C levels are relentless in pushing delivery dates. That is reflected in general instructions as well as manager bonus incentives. By focusing solely on time to market, they are almost forcing a situation where app vulnerability concerns are given a backseat to, well, just about everything else. This problem also builds on itself. The emphasis on speed pushes developers to rely on as much open source code […]

Manual Testing vs. Automated Testing

When it comes to the world of QA, automated testing is becoming more and more popular. In fact, a quick search of QA jobs on sites like Indeed, LinkedIn, etc. will show that the majority of these jobs now require automation experience with a language like Java, Python, etc. This can prove daunting for testers with a background in manual testing, who typically leave the coding to developers. It can also be confusing to employers, who aren’t sure how much automated testing they need, and whether it can replace manual testing completely. I’ve worked with clients who use 100% manual testing to great success, and those who attempted to do 100% automation, and had to re-think their strategy — so the reality isn’t always as black and white as it may appear. The ideal combination is having both manual and automated testing, though the amount of each depends on your […]