You are here: Home » Archives for June 2010
Writing by AppLabs on Tuesday, 29 of June, 2010 at 5:01 am
In 2006, the Payment Card Industry (PCI) Security Standards Council (SSC) was founded by the leading payment card brands. It developed the Data Security Standard (DSS) as a single set of requirements for enhancing the security of payment account data. Any organization that stores, processes or transmits cardholder data is required by contractual obligation to be compliant with the DSS.
As such, PCI compliance is often perceived by some organizations as something that is a valueless and externally mandated one-time activity. To many it is a burden, consuming resources they would rather spend on other efforts. At the same time, many other organizations have effectively launched security programs around DSS or have expanded their security programs using DSS. So which is it: shackle or launch pad?
The PCI Data Security Standard (DSS) is comprehensive and specific enough to be the foundation for (or at least a component of) a solid information security program of any organization irrespective of size. The DSS includes requirements for security management, policies, procedures, network architecture, software design and development and other critical protective measures. Due to the breadth of areas covered by its requirements, the DSS can help an organization consider and address most areas of information security. In short it can act as a springboard to security compliance in letter and spirit.
Organizations that perceive PCI compliance to be a valueless, one-time activity are not getting the true worth out of the program. This perception reflects an immature and dysfunctional security program. The key to effective PCI compliance and information security in general is in the long-term commitment to consistent and focused effort throughout the organization. When PCI compliance makes the transition from being a one-time activity to a long-term corporate commitment and culture, is when a security program matures and becomes effective. The PCI Data Security Standard can be the launch pad to making this significant transition.
Category: Compliance Testing, Offshore Software Testing, PCI Data Security Standard, Security Testing Services
Writing by raja.neravati@applabs.com on Monday, 28 of June, 2010 at 6:15 am
Over the last few years, customers have recognized the importance and need of Independent Testing and have engaged AppLabs to deliver services like Functional Testing, Automation and Performance Testing. These quality initiatives were mostly for individual projects or to resolve a specific business problem. While this approach helped resolve the problem at hand, it was not scalable and we believed could better meet the overall customer needs in terms of cost savings, reusability and improving time to market.
In enterprise customers, this approach posed even bigger problems like usage of multiple tools, lack of standardization and consistency in delivery. Using careful analysis and market research, we validated the business case with several ‘C” level executives. We thus created SCORE methodology as a response to this business problem comprising of proven methodologies, tools and templates. Our proprietary SCORE (Standardize Centralize Optimize Review Expand) methodology has a practical approach of transforming QA, organization-wide with phased implementation and checkpoints to validate the progress. This framework is helping us deliver Test Center of Excellence (TCoE) services with realization of customer goals much faster than the traditional discreet approach thereby reducing time to market and overall costs. Since the launch of SCORE / TCoE, we see almost 8 out of 10 customers opting for this approach and realizing its benefits.
Category: Offshore Software Testing, Software Testing, Test Center of Excellence (TCoE)
Writing by Sanju Pillai on Friday, 25 of June, 2010 at 4:30 am
Cloud offerings of organizations must include Infrastructure optimization
‘Customer facing channel’ intensive industries like retail, banking and media will look at the cloud in a big way while, retail is pegged at the peak of the cloud testing curve. Today many organizations are already reaping the benefits of doing software development and software testing on the cloud. Reasons attributed include - value for money, skill set, these industries cannot build the environment by themselves and they see cloud as an entry point into a market or region (instead of having ‘feet on the street’).
1) From an industry perspective :
a. Retail will be the first and fastest to get on to the cloud testing bandwagon. Performance testing would be their anthem.
b. BFSI – particularly banking will follow
c. Public sector and Government institutions will be the third
2) From a service portfolio perspective, on the cloud, we see Performance testing and Security testing riding the growth curve
3) In general SMEs will be looking at the cloud / cloud testing in a bigger way
Cloud offerings of organizations must include Infrastructure optimization as this will hold the key to solving one of business’ biggest challenges - managing costs. Infrastructure optimization helps drive demand for a more secure, well-managed and dynamic infrastructure to enable organizations to help reduce their overall IT costs and make better use of IT resources which in many cases they have already invested in.
Cloud development and testing coupled with infrastructure optimization will not fizzle out as the number of organizations that are investing in it will continue to grow as they will continue to see value. The ones that have invested by then will not pull out as they would have started reaping payback and will not see any ‘tangible benefits’ in doing so (pulling out of the cloud ).
Category: Cloud Computing, Industry, Infrastructure Optimization, Offshore Software Testing
Writing by Gareth Ingram on Thursday, 24 of June, 2010 at 4:19 am
The aim of TPC is to help align an organization’s business, technical and test objectives in a way that can be achieved and measured.
Review, improvement and compliance form a complete cyclical approach. Benefits are achieved by the execution of any one on the above but gains are maximized when all three are considered and implemented together.
In the current financial market economic paradigm, all organizations are looking to do more with less. Test Process Consultancy can be a very effective tool in helping achieve this goal.
What is Test Process Consultancy (TPC)?
TPC is an approach or service that enables an organisation to:
A- Recognise and define current test processes
B- Analyse those processes and identify areas for improvement
C- Implement improvements, and monitor and manage the benefits
The overall aim being to ensure long-lasting improvements that optimise a company’s return on investment and add value to business.
Benefits of TPC
The use of TPC results in:
u Improved quality
u Increased efficiency of current test process
u Reduced test effort
u Reduced time to market
u Reduced costs (pre and post production)
u Increased market reputation
u Better management and fixing of known test issues and risks
Challenges to effective TPC
To benefit an organisation, TPC requires:
u Acceptance of the fact that although there will be some ‘quick wins’, the full benefits are only seen in the medium or longer term
u Implementation by and subsequent support from Senior Management (IT and Business)
u An owner to take responsibility for implementing and monitoring improvements
u Appropriate funding (budget and experienced resource) that allows for the impact of implementation on users
u Scope, objectives and improvements being aligned to business needs
u Overcoming organisational dynamics and ensuring internal enthusiasm and support for change
Category: Offshore Software Testing, Software Testing, Test Plan, Test Process Improvement
Writing by Sanju Pillai on Wednesday, 23 of June, 2010 at 8:56 am
Finding defects at the end of SDLC is like stitching nine times when ideally a stitch would have sufficed, provided it was done in time. It is a given that the earlier a defect is found the cheaper it is to fix it and better it gets fixed.
Organizations that are focused on improving quality of their software before going on production but are all ears on finding defects after most of the development is completed, just prior to release, are setting not just themselves up for failure but also their customers. This understanding is not new but has been ignored by many organizations, nonetheless. However, today forward looking organizations are learning from past successes and mistakes and taking ownership of quality throughout the life cycle by involving an expert from the word go.
The trick of trade is in baking quality and testing practices into your entire Software Development Life Cycle (SDLC) process. In short get your testing services provider work for you right from the requirements gathering stage to deployment.
If you don’t have quality and testing practices baked into your SDLC then be ready to stitch nine times and still run the risk of it all coming off the seams during production.
Category: Offshore Software Testing, Software Testing, Test Plan
Writing by Sanju Pillai on Tuesday, 22 of June, 2010 at 7:15 am
Reasons are plenty for organizations worldwide to consider offshore testing services. Primary among them include, cost saving, access to testing expertise, independent opinion (especially an unbiased non-development vendor’s), and ultimately to improve software quality.
Despite the availability of advanced tools and techniques, business stakeholders are still dissatisfied with the overall quality of the software their IT shops develop. Here is when a standalone testing vendor brings in value. This has lead to the growth of test-alone vendors and independent testing practices of full-service providers.
The biggest advantage of using an independent testing vendor is that they are able to provide a truly independent and unbiased evaluation of software quality levels. In today’s world more and more enterprises are trying to separate testing from development as they are beginning to appreciate the value an independent testing vendor can bring onboard. Outsourcing testing is a natural extension of this understanding, as independent testers not involved in the development are more likely to view software with a critical eye than testers who work for the same company as the software’s implemented.
The aforementioned reason of getting a truly independent view, or cost savings or access to testing expertise or faster time to market. The reasons for considering outsourcing of testing could be all or some of these but the ultimate goal is improved software quality. And outsourcing of testing does result in improved software as you have more testers, better testing processes, and more hours of the day to test, all at a competitive price!
Category: Offshore Software Testing, Software Testing
