Wednesday, June 9, 2010

Performance & Security Testing in Agile Development

Tracy DeDore (HP)

Testing baked into each sprint: can't be a manual approach
Not uncommon to take a hybrid approach between agile/waterfall: scrummerfall
Important to be diligent when mixing practices
Non-functional testing often gets deferred till the end: risky
Functional/performance/security testing should be addressed in release planning & each sprint

automated load testing: bottlenecks/root cause analysis etc. for performance degradation
won't have a working full application every sprint: need to be able to test components
headless/gui-less performance testing
Service virtualization tools: capture/model target system's behavior/performance so you don't need to use live systems for testing each time

static source code analysis: scan for vulnerabilities during dev: many false positives
step or path-specific business process testing
black box/dynamic web application scanners: requires a fully functioning app
leverage automation tools: allows dev & QA to test without being security experts
