Software quality assurance is a tough job. With frequent, costly, and extremely embarrassing cyber-attacks on company websites and networks, the job of the software quality assurance (SQA) professional has gotten even tougher. Traditionally, SQA professionals have been responsible for monitoring the software development process to ensure design quality and to make sure that software adheres to a set of coding standards established by their organization. But in today’s time-compressed world of rapid releases and DevOps, the traditional SQA process has changed and broadened in scope.
More SQA professionals are now expected to perform application security testing. While it has been generally recognized that software quality is strongly tied to an application’s security, testing with a specific focus on detecting security vulnerabilities requires special knowledge, tools, and procedures. Even if an application passes functional tests and is compliant with certain software standards, the software may still be vulnerable to cyberattacks.
Operating in a world of rapid application development and agile development environments, SQA professionals find themselves faced with more abbreviated testing schedules than ever before. Management wants production-quality software fast, leaving less time to properly test and approve software applications for security. Consequently, SQA professionals are pressed for time, have more standards with which their software must comply, have a set of functional tests that may not reveal the security flaws in their software, and are under pressure from developers and management to declare their software secure.
So what’s an SQA professional to do?