"Nothing is sure in life except for death and taxes," the saying goes. If someone were to update that expression for present-day tech consumers, they could add: "and the expectation of regular software updates." It's what developers are tasked with, and what users expect and demand – increased functionality, better performance, and fewer bugs – often in a week or less. Automation of critical processes such as QA can help meet the gargantuan task of constant updates, but it can also send your software into a death spiral of user abandonment unless deployed correctly.
How We've Attempted to Meet the Challenge of Continuous Deployment
One of the most significant developments in attempting to streamline the process of continuous deployment is agile development. Agile development is a general project management approach that emphasizes dividing product development work into small, manageable portions. These are worked on by a cross-section of teams, from those that deal with coding to those that oversee design and testing.
By breaking tasks into manageable cross-sections, companies are well positioned to put out incremental updates that fix bugs, include new features and keep the user happy. The only issue with this is that adopting the strategy alone isn't feasible for smaller companies, and even for those companies that can afford it, paying developers for the time it takes to release at that pace can be financially draining.
Why Automation of QA Is So Promising
By turning to automation for some processes, such as QA, companies can theoretically work to debug and improve quality 24/7. Moreover, for the SMEs that can't afford a large staff capable of churning out those updates, it saves an enormous amount of money. For those that can, it frees up engineers' time so that they can develop even better features and use their time more efficiently.
Nonetheless, although automation can seem like the perfect solution, relying on it exclusively may end not with increased productivity, but rather massive product abandonment and total failure.
How to Utilize Automation Without Failing
Over 60% of automated solutions fail. This rate is startlingly high, but is also largely caused by avoidable issues. Most commonly, automation testers themselves lack the skills to provide proper implementation of automation.
People overseeing the process often use the wrong automation tools or frameworks and fail to adapt their regression tests, which eventually grow stale. They depend on the same tests over and over instead of making sure that the tests evolve with the product itself.
But it's not just those who directly oversee the automation process that are at fault; more often than not, the framework established by the organization also contributes to automation failure.
Automation is still not a solution for every problem, nor is it possible to make each testing solution 100% automated. The most common mistakes and improvements relating to automation still rely on human QA testers. It's important to make sure that any automation process includes a pairing with experienced testers with industry-specific experience. By focusing on adding skilled employees who fit into the automation process as an add-on rather than trying to make the automation process a cure-all, companies can gain a competitive edge and make better products, faster.
The agile development process is here to stay and those who don't adapt will get trounced until they are made completely obsolete. This shock to the software development process is a challenge because it requires quick adaptation, continuous updates, and a lot of critical work done on a tight timeline.
But it's also an opportunity that can be leveraged through a delicate balance of automation and experienced QA professionals. Getting the combination right will mean money saved, better products, and happier customers.