Cloudbusting app testing for developers, who's the daddy?
I suppose it was logical. Cloud computing came along and every sub-classification of the software application development food chain would, at some point, inevitably bring out a cloud-based or cloud-ready version of this that and the other.
What's so cool about this new dreary software solution for management accountants? "Well it's cloud based sir!" Nope, sorry, still not interested.
How about app testing for the cloud? Oh damn I wish I'd thought of that. You mean you can build development environments that benefit from both static and dynamic cloud-based testing before you rocket your apps skywards? Well yes of course you can and various vendors have been offering this for a while.
So what's special? What's new – and what distinguishes one cloud testing suite from another?
Well, this time last year HP (love your sauce guys) announced that it was going to work with cloud vendor Skytap to build a virtual lab for testing apps across a, "Broad library of operating systems, databases and middleware". The company's cloud research R&D is also growing.
Then there's Sauce Labs (more sauce) - no I haven't heard of them either – and its cloud computing testing service. The company underlines the key real world testing problems as the increasing number of browsers to support while, "Microsoft Internet Explorer continues to lose market share". Its service has just topped the 1 million test mark.
I could go on and on here, there's SOASTA CloudTest with its load and performance testing offering. It's all about offering a, "Controlled environment to simulate and stage real world scenarios."
There's a pattern starting to emerge here isn't there? Building the virtual test environment to represent the real runtime existence of the cloud based application to be tested. So is anyone saying anything fresh?
Well there was one company that seemed to take a more detailed approach – perhaps a more granular approach even. Something that might resonate well with real life developers at ground level even.
Veracode's SecurityReview service allows developers to upload apps and perform, "Line-of-code specific vulnerability identification and remediation instructions directly to defect tracking systems and integrated development environments (IDEs)."
So this is application security testing for developers, not just security experts. There appears to be a high incidence of false positives in cloud-based application testing, where testing tools highlight problems that do not exist. There's also the disconnection problem i.e. testers are not developers per se and they are not GUI designers for sure, one would logically argue that this inherent distance rarely helps the end result to shine.
“By integrating cloud-based testing capabilities directly into tools that are part of a developer’s everyday life, Veracode is really completing the ‘last mile’ needed to deliver the advantages of both static and dynamic cloud-based security testing into the on-premise development climate,” said Nigel Stanley, practice leader, Bloor Research. “It’s one of the few really useful examples of the cloud that I have seen and the potential is clear – more secure code for substantially less developer effort.”
That seems like a REALLY positive statement to make independently, but I have friends at Bloor and know them to normally be really tough – and I like his point about the 'last mile' in that these tools can be used by developers, so I chose to include it.
So cloud testing, who's the daddy. Well it's probably more likely to be HP than Veracode due to sheer weight of numbers, but hopefully this piece will help spread the awareness circle a little wider.