News Stay informed about the latest enterprise technology news and product updates.

New skills for the QA tester: Scripting, security

Software quality assurance is gaining respect as a profession -- but do QA testers have the scripting and security skills the role now requires?

It's a good time to be a QA tester.

That was the resounding message at the STAREAST 2013 conference in Orlando April 28 – May 3. Speaker after speaker urged test professionals to embrace their role as pivotal players in producing the software their organizations depend on to do business.

Jennifer LentJennifer Lent

There were variations on the theme, but one way or another, all of the speakers delivered the same meta-message: Quality assurance (QA) pros need to take a leadership role when application planning gets underway, instead of simply waiting to test requirements that may not result in the right software for the business.

All in all, it added up to an impressive new job description for a group of professionals once seen as bug fixers tasked with finding last-minute defects before the software went live.

But here's a reality check: As their profession gains stature, software testers need an astounding array of skills to deliver all that is being asked of them. Do they have those skills or the resources to acquire them?

In an earlier article on STAREAST, I wrote about developing leadership and management skills to get ahead. In this installment of Quality Time, I take a look at two technical skill sets QA testers can't do without today: scripting and security testing.

Scripting skills for test automation

There's no need to become a crackerjack programmer, but all software testers must learn to write a little bit of code. The reason is simple: Automated testing is here to stay, and using these tools requires QA pros to write the scripts that execute the tests.

Jeff Payne, CEO of Fairfax, Va.-based software consultancy Coveros Inc., drove that point home in his STAREAST keynote address, Testing in a Test-Driven World. Companies want to hire testers who can do automation, and those who lack this skill will be left behind, he said. "So learn how to script tests," he told the audience. "Try [the scripting language] Ruby; don't be on the wrong side of this."

Companies want to hire testers who can do automation, and those who lack this skill will be left behind.

Jeff Payne,
CEO, Coveros Inc.

Demand for scripting skills is especially high in the initial stage of setting up test automation. But don't be fooled into thinking the need goes away once the first set of scripts is written, said software test expert Robert Galen of Cary, N.C.-based RGalen Consulting Group. Effective test automation requires QA pros to continually evaluate whether they are running the right  set of tests, as well as have the ability to script new ones as needed, he said.

Also crucial to understand: Test automation isn't an all or nothing proposition. It's just one aspect of QA testing. There will always be a need for manual testing, especially when checking on things like the error messages an application generates. In the STAREAST Lightning Strikes the Keynotes session, Michael Bolton of the Toronto-based software test consultancy DevelopSense, noted that "no amount of test automation will catch error messages."

The big picture on security

Another area where automated testing won't help is security. Many QA testers shudder when they hear the words "security testing" because they fear they are being asked to dig down deep into the application and analyze source code.

No one is asking test pros to do that. But increasingly, they are being asked to assume some responsibility for security, and for many software testers, this is entirely new ground.

"Security is really important these days," Payne said in his STAREAST keynote. Unlike developers who are "down in the trenches implementing code," software testers are good at thinking through the whole process of application development, from requirements to deployment, and that makes them uniquely qualified to do basic security testing, he said.

"What data would an attacker want to steal from this application and what paths would they take to get at that information?" Payne said these are key security questions testers should ask themselves. Then they should conduct basic tests to make sure, for example, that entry points are secure by requiring the application to validate all data entered by a user.

In his keynote, Payne never suggested QA testers should inspect code for security vulnerabilities. But when I asked a test manager what she thought of Payne's security recommendations, clearly she thought he had suggested just that. "Security testing is a technical skill; you have to look at code -- and that is unrealistic for software testers," said the test manager, who asked me not to use her name.

I believe her comment offers a glimpse into an issue many QA testers are grappling with: "How do I acquire the skills my profession now demands? Will I be able to do everything I may be asked to do?"

It's great that software testing is gaining respect as a profession, but do software testers have the skills to make the leap? How will they acquire them?

Let me know what you think and follow us on Twitter @SoftwareTestTT.

Dig Deeper on Topics Archive