Shifting left: Continuous testing for better app quality & security
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Connect
Twitter: @NowSecureMobile | @GuerrillaQA
—
Subscribe to #MobSec5, our weekly mobile security news digest
http://mobsec5.nowsecure.com/
—
Web: nowsecure.com | guerrillaqa.com
Steven Winter
Founder & Chief Strategist, GuerrillaQA
Andrew Hoog
CEO & Co-founder, NowSecure
Contents
● Why deploy more quickly?
● Going fast, achieving quality, & saving money
● What now? Must do’s!
● Continuous testing in practice
● Q & A
Why deploy mobile apps more quickly?
The business value of more frequent deployments

● Happier customers: new features / improvements increase customer satisfaction & lead to faster realization of revenue from new features.
● Fix defects faster: identifying flaws earlier & shortening the feedback loop leads to less expensive, faster fixes.
● Reduce risk: smaller deployments include fewer things that can go wrong, & those failures are easier to fix.
Pain experienced as a result of infrequent releases

● Dissatisfied customers: app users churn due to their perception that the developer is not responsive with improvements & new features.
● Slower reaction time: improvements & fixes take longer to be released, are more expensive, & leave customers dissatisfied longer.
● High-risk, complex deploys: monolithic releases include more dependencies & potential failures, resulting in more expensive & time-consuming fixes.
What does the ideal look like?

Company             Deploy frequency      Deploy lead time
Amazon              23,000 / day          minutes
Google              5,500 / day           minutes
Netflix             500 / day             minutes
Facebook            1 / day               hours
Twitter             3 / week              hours
Typical enterprise  Once every 9 months   Months or quarters

Source: Kim, Gene. "The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win", 2014.
How frequently are others deploying?
https://blog.newrelic.com/2016/02/04/data-culture-survey-results-faster-deployment/
Where are you in your journey? First steps

● Automate what testing you can
● Take advantage of Continuous Integration
● Shift security & performance testing left
You can go fast, achieve quality, & save money
Earlier testing & remediation prevents technical debt

[Figure: relative cost of fixing a defect by lifecycle phase: Requirements / Architecture, Coding, Integration / Component Testing, System / Acceptance Testing, Production / Post-Release. Source: National Institute of Standards & Technology]

The cost for fixing vulnerabilities is 30x higher after an app has been deployed.
The cost of fixing a P1 mobile bug in production (case study)

Team activity                    Hours
Detection & communication           20
Verification                        16
Fix                                 40
Build, test, certify the fix        60
Customer acceptance                 40
Post-publish verification           20
Total hours                        196

As well as:
● Loss of client & app user confidence
● Negative app ratings
● Derailment of feature development & release

$35K in total costs
Automation pays for itself with repeatability

[Figure: time / effort per release for Manual Testing vs Automated Testing, plotted against number of releases; the gap between the two curves is labelled Time Savings]
[Figure: delivery pipeline across three environments: Development / Integration, Staging, Production. Dev team check-ins to version control trigger build & unit tests; a passing build triggers automated acceptance tests; an approval triggers the release; user acceptance tests run in production and are followed by a further approval. Feedback flows back to the dev team from every stage. Roles: Engineer, QA, DevOps.]
[Figure: the same pipeline diagram, annotated: Shift security & performance testing to the left]
CI + CT = !!

Continuous Integration + Continuous Testing = Productivity multiplier

● Sets the stage for “set-it-and-forget-it” deployment
● Deliver higher quality code at lower risk in less time
● “Parallelizes” testing
  ○ Security, regression, performance, etc.
  ○ Simultaneously
● Repurpose test scripts
  ○ Write once
  ○ Use everywhere
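As an added example, not taken from the deck or from NowSecure / GuerrillaQA, here is a GitHub Actions workflow that lays the pipeline described above out in code: build & unit tests and the security & performance checks run in parallel on every check-in, automated acceptance tests run only once both gates pass, and the production release waits on an approval. The build and scan commands (`./gradlew ...`, `./scripts/*.sh`) are placeholders for whatever your project and scanners actually use.

```yaml
# Added example: GitHub Actions workflow mirroring the deck's CI + CT pipeline.
# Placeholder commands (./gradlew ..., ./scripts/*.sh) are assumptions; swap in your own.
name: mobile-ci-ct

on:
  push:                 # Check-in -> Trigger
    branches: [main]
  pull_request:

jobs:
  build-and-unit-tests:              # Development / Integration stage
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build & unit tests
        run: ./gradlew assembleDebug testDebugUnitTest   # placeholder build command

  security-and-performance:          # shifted left: same stage as unit tests, runs in parallel
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Static analysis / dependency audit
        run: ./scripts/security-scan.sh                  # placeholder: your SAST / dependency scanner
      - name: Performance smoke test
        run: ./scripts/perf-smoke.sh                     # placeholder: startup-time / memory budget check
      - name: Keep findings as feedback for the engineer
        if: always()                                     # upload the report even when the scan fails
        uses: actions/upload-artifact@v4
        with:
          name: security-report
          path: reports/

  automated-acceptance-tests:        # Staging: reached only when both gates above pass
    needs: [build-and-unit-tests, security-and-performance]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy build to staging & run acceptance suite
        run: ./scripts/acceptance.sh                     # placeholder

  release:                           # Production: Approval before Release
    needs: automated-acceptance-tests
    runs-on: ubuntu-latest
    environment: production          # configure required reviewers on this environment for the approval step
    steps:
      - uses: actions/checkout@v4
      - name: Publish release build
        run: ./scripts/release.sh                        # placeholder
```

A failing security or performance job blocks the staging deploy in the same way a failing unit test does, which is the practical meaning of "shift left" in this pipeline.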
What now? Must do’s!
Must do’s!

1. Agree & commit to improving
2. Plan testing & automation scripting up front
3. Agree on test coverage
4. Measure, measure, measure
5. Plan for test script maintenance
Continuous testing in practice
Case study: Value realized in just a few hours
Steven’s experience at scale: from 4 months to nightly
Scaling your automated testing based on maturity

Small
● Leverage open-source tools
● Build CI environment
● Create a basic smoke test

Medium
● Expand test coverage
● Leverage cloud platform services
● Plug security & performance testing into CI

Enterprise
● Create smoke tests for each feature (not the entire app)
● Prioritize by feature’s success / risk
● Pick the top three & go!
Let’s talk

NowSecure: +1 312.878.1100 | @NowSecureMobile | www.nowsecure.com
GuerrillaQA: +1 415.763.TEST | @GuerrillaQA | www.guerrillaqa.com

Subscribe to #MobSec5, a collection of the week’s mobile news that matters: http://mobsec5.nowsecure.com/
Mobile Penetration Testing: Episode III - Attack of the Code
 

Recently uploaded

Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR  SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR  SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
Alina Yurenko
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
kalichargn70th171
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 

Recently uploaded (20)

Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR  SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR  SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 

Shifting left: Continuous testing for better app quality and security

  • 1. Shifting left: Continuous testing for better app quality & security
  • 2. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Connect Twitter: @NowSecureMobile | @GuerrillaQA — Subscribe to #MobSec5, our weekly mobile security news digest http://mobsec5.nowsecure.com/ — Web: nowsecure.com | guerrillaqa.com
  • 3. Steven Winter, Founder & Chief Strategist, GuerrillaQA; Andrew Hoog, CEO & Co-founder, NowSecure
  • 4. Contents ● Why deploy more quickly? ● Going fast, achieving quality, & saving money ● What now? Must do’s! ● Continuous testing in practice ● Q & A
  • 5. Why deploy mobile apps more quickly?
  • 6. The business value of more frequent deployments ● Happier customers: new features / improvements increase customer satisfaction & lead to faster realization of revenue from new features. ● Fix defects faster: identifying flaws earlier & shortening the feedback loop leads to less expensive, faster fixes. ● Reduce risk: smaller deployments include fewer things that can go wrong, & those failures are easier to fix.
  • 7. Pain experienced as a result of infrequent releases ● Dissatisfied customers: app users churn due to their perception that the developer is not responsive with improvements & new features. ● Slower reaction time: improvements & fixes take longer to be released, are more expensive, & leave customers dissatisfied longer. ● High-risk, complex deploys: monolithic releases include more dependencies & potential failures, resulting in more expensive & time-consuming fixes.
  • 8. What does the ideal look like? (Company: deploy frequency; deploy lead time) ● Amazon: 23,000 / day; minutes ● Google: 5,500 / day; minutes ● Netflix: 500 / day; minutes ● Facebook: 1 / day; hours ● Twitter: 3 / week; hours ● Typical enterprise: once every 9 months; months or quarters. Source: Kim, Gene. "Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win", 2014.
  • 9. How frequently are others deploying? https://blog.newrelic.com/2016/02/04/data-culture-survey-results-faster-deployment/
  • 10. Where are you in your journey? ● First steps ● Automate what testing you can ● Take advantage of Continuous Integration ● Shift security & performance testing left
  • 11. You can go fast, achieve quality, & save money
  • 12. Earlier testing & remediation prevents technical debt. (Chart of fix cost by phase: Requirements / Architecture, Coding, Integration / Component Testing, System / Acceptance Testing, Production / Post-Release. Source: National Institute of Standards & Technology.) The cost for fixing vulnerabilities is 30x higher after an app has been deployed.
  • 13. The cost of fixing a P1 mobile bug in production. Case study, team hours: ● Detection & communication: 20 ● Verification: 16 ● Fix: 40 ● Build, test, certify the fix: 60 ● Customer acceptance: 40 ● Post-publish verification: 20 ● Total hours: 196. $35K in total costs, as well as ● Loss of client & app user confidence ● Negative app ratings ● Derailment of feature development & release
  • 14. Automation pays for itself with repeatability. (Chart: Time / Effort against Releases for Manual Testing vs. Automated Testing, with the Time Savings marked.)
  • 15. (Pipeline diagram: Development / Integration → Staging → Production. Dev Team check-ins to Version Control trigger Build & Unit Tests and then Automated Acceptance Tests; User Acceptance Tests and Release each follow an Approval; Feedback from every stage returns to Engineer, QA, and DevOps.)
  • 16. (The same pipeline diagram, annotated.) Shift security & performance testing to the left.
  • 17. CI + CT = !! Continuous Integration + Continuous Testing = Productivity multiplier ● Sets the stage for “set-it-and-forget-it” deployment ● Deliver higher quality code at lower risk in less time ● “Parallelizes” testing ○ Security, regression, performance, etc. ○ Simultaneously ● Repurpose test scripts ○ Write once ○ Use everywhere
  • 18. What now? Must do’s!
  • 19. Must do’s! 1. Agree & commit to improving
  • 20. Must do’s! 1. Agree & commit to improving 2. Plan testing & automation scripting up front
  • 21. Must do’s! 1. Agree & commit to improving 2. Plan testing & automation scripting up front 3. Agree on test coverage
  • 22. Must do’s! 1. Agree & commit to improving 2. Plan testing & automation scripting up front 3. Agree on test coverage 4. Measure, measure, measure
  • 23. Must do’s! 1. Agree & commit to improving 2. Plan testing & automation scripting up front 3. Agree on test coverage 4. Measure, measure, measure 5. Plan for test script maintenance
  • 24. Continuous testing in practice
  • 25. Case study: Value realized in just a few hours
  • 26. Steven’s experience at scale: from 4 months to nightly
  • 27. Scaling your automated testing based on maturity ● Small: leverage open-source tools; build CI environment; create a basic smoke test ● Medium: expand test coverage; leverage cloud platform services; plug security & performance testing into CI ● Enterprise: create smoke tests for each feature (not the entire app); prioritize by feature’s success / risk; pick the top three & go!
  • 28. Let’s talk ● NowSecure: +1 312.878.1100 | @NowSecureMobile | www.nowsecure.com ● GuerrillaQA: +1 415.763.TEST | @GuerrillaQA | www.guerrillaqa.com ● Subscribe to #MobSec5, a collection of the week’s mobile news that matters: http://mobsec5.nowsecure.com/