This topic has come up a few times this year in question period: arguments that quality bugs and security bugs « have equal value, » that security testing and QA are « the same thing, » that security testing should « just be performed by QA » and that « there’s no specific skillset » required to do security testing versus QA. This article will explain why I fundamentally disagree with all of those statements.
First, some definitions.
Originally published on August 17, 2020
This article will be interesting for IT directors, product managers, project managers, and anyone who wants to understand the processes of project quality assurance better.
The testing that is done to verify the interface functionality is called Interface testing. It is also defined as a software testing type that verifies whether the communication between two different software systems is done correctly.
I work as a DevOps engineer for a large public-facing application, which has around 90+ microservices (Java-based). Consistently, we are hit by scenarios that we’d discover in the field, which were not caught in any of our testing. Despite improving our test strategies and code coverage assessments, we were unable to assess the "strength" of our test cases.
We looked around for options and solutions that could help us to be more sure about our test cases and the code we develop. As a DevOps engineer, my responsibility was to identify options and trial them to fix this problem and include it as part of our automated build process.
