Don’t get us wrong – manual testing of software is still an important and valuable part of quality assurance, leveraging human intuition and inventiveness for proper coverage. But there’s a penalty to pay as well. Manual testing takes time and effort.
When good automation can handle a large part of what would otherwise have been manual testing, in minutes instead of days, and at a fraction of the cost, insisting on manual testing could be a significant error.
We have this type of discussion with customers and other interested parties quite often. In multiple tests, we ran fully automated, rapid mobile app testing for different companies and showed our findings in app test reports of 20-plus pages. All this took just a few minutes. Several days later, these companies would come back to us to say that their security team had found similar issues and that they weren’t going to replace their teams with a machine (or words to that effect).
Absolutely! But the point about fully automated mobile testing is to augment a security team, rather than to replace it. And there are several big reasons why this should be done:
· Speed. Automated testing lets you meet mobile app release schedules that are getting shorter and shorter every day.
· Reliability. Automated testing combined with machine learning produces no mistakes.
· Completeness. Automated testing doesn’t forget bits of testing either.
While smart automated testing can do things right, it’s still up to people to make sure the right things get done. Good designers can build many of the right things into automated app testing products and services. Security teams then decide what should be tested, how it should be tested, and how much time, effort, and cost they want to save by applying automated testing as part of all that.
Good automated testing doesn’t stop there either. There are two further advantages that can help security teams get more done in less time with improved results:
· Clear Go/No Go indications. While it can be highly edifying to receive a report of 20-plus pages, you may also want to know just one thing: is this app safe enough for us to use or to release? Smart automated testing lets you define your own acceptance thresholds to give you a simple accept/reject result (“In or Out” in Mi3 Security language). Whatever the result, you can move on to your next action without delay.
· See hidden problems. Humans typically cannot read binary executable code, but AppInterrogator picks out the security flaws and vulnerabilities, and lists them for you to see. Whether you’re dealing with apps you develop or apps from a third party, you’re covered. In parallel, AppVisualizer gives you deep visual analysis of key app element reputations and contextual relationships in a graphical dashboard, revealing security information that would be impossible to detect from text-based results alone.
Your security team can then use the time saved through automation to focus on value-added tasks such as enhancing overall security testing and posture to align with company business objectives, combining manual and automated testing for optimal results.