When developers fail to keep up with security and software development trends, it catches up with them sooner or later. And security threats will only grow in 2019, with newly discovered vulnerabilities throughout the application and infrastructure stack.
QA and security teams should look for ways to automate security testing and other software tests against such problems. Bring actionable security suggestions to the surface as early as possible in development and accurately assess the impact of these newly discovered threats.
QA and security traditionally exist in different departments, run by different teams. Cyberattacks can damage both an organization's finances and its reputation, and they're on the rise, which should prompt organizations to integrate comprehensive testing. Over the next year, enterprises will come to treat an unpatched security problem as much of a software defect as a traditionally broken app.
The proliferation and improvement of tools that automate security testing will be particularly important in 2019. QA managers should create setups that bring basic security testing closer to development than previous ways of working did. This software testing trend might include baking secure code analysis into the static analysis tools used at code check-in.
To take it one step further, QA managers should look to incorporate security analysis directly into an integrated development environment, such as the approach taken with Sensei.
QA and security teams also must keep pace with the constant influx of newly discovered security vulnerabilities within application servers and development libraries. QA should curate tools to monitor incoming zero-day vulnerability reports and cross-check these against an inventory of existing libraries and application infrastructure.
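The cross-check described above can be a small scheduled job. The following is an added example, not code from the article or from any tool it names; the advisory IDs, package names, field names and versions are constructed, and it assumes plain dotted numeric version strings.

```python
import re

def norm(name):
    """Normalize package names so 'Example_Server' matches 'example-server'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def ver(text):
    """Turn '2.10' into (2, 10, 0, 0) so versions compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def affected(version, introduced, fixed):
    """True if introduced <= version < fixed; fixed=None means no patch yet."""
    v = ver(version)
    if v < ver(introduced):
        return False
    return fixed is None or v < ver(fixed)

def cross_check(advisories, inventory):
    """Return one finding per affected (app, package); unpatched issues first."""
    by_pkg = {}
    for adv in advisories:
        by_pkg.setdefault(norm(adv["package"]), []).append(adv)
    findings = []
    for item in inventory:
        for adv in by_pkg.get(norm(item["package"]), []):
            if affected(item["version"], adv["introduced"], adv["fixed"]):
                findings.append({"app": item["app"], "package": item["package"],
                                 "version": item["version"],
                                 "advisory": adv["id"], "upgrade_to": adv["fixed"]})
    # No fixed release means an upgrade cannot help, so those sort to the top.
    return sorted(findings, key=lambda f: (f["upgrade_to"] is not None, f["app"]))

ADVISORIES = [  # constructed feed entries (hypothetical IDs and packages)
    {"id": "EXAMPLE-ADV-0001", "package": "example-json",
     "introduced": "2.0.0", "fixed": "2.10.1"},
    {"id": "EXAMPLE-ADV-0002", "package": "Example_Server",
     "introduced": "9.0", "fixed": None},
]
INVENTORY = [  # constructed inventory of deployed libraries and servers
    {"app": "billing", "package": "example-json", "version": "2.9.8"},
    {"app": "portal", "package": "example-json", "version": "2.10.1"},
    {"app": "portal", "package": "example-server", "version": "9.0.14"},
    {"app": "reports", "package": "example-server", "version": "8.5.40"},
]

if __name__ == "__main__":
    for finding in cross_check(ADVISORIES, INVENTORY):
        print(finding)
```

Findings with `upgrade_to` set to `None` have no patched release yet, so they need a mitigation or compensating control rather than a version bump.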
Once a particular category of potential problems is identified, security and QA teams should find ways to streamline tests for it. When organizations apply automation to tests, it frees up time for more creative types of security and penetration testing.
George Lawton is a journalist based in San Francisco.