The Test Maturity Model Integration (TMMi) is a framework that is developed to complement the existing Capability Maturity Model Integration (CMMI). It provides a structured presentation of maturity levels, allowing for standard TMMi assessments and certification. It enables a consistent deployment of the standards and collection of industry metrics. The TMMi has a rapidly growing uptake across Europe, Asia and the USA and owes its popularity to being the only independent test process measurement method.

The independent TMMi Foundation initiative has been established with the sole intent of developing the TMMi standard. The model it promotes can be used in isolation or in support of other process improvement models. It provides an independently managed data repository to support TMMi assessment method accreditation. It also provides Assessment Method Accreditation/Audit Framework for TMMi in accordance with ISO15504 and the process to certify commercial assessment methods against the standard model. Further it provides the certification and training/examination process, procedures and standards for formal, public accreditation of Assessors and Lead Assessors and the on-going management.

As with the CMMI staged representation, TMMi has a staged architecture for process improvement. It contains stages/levels from 1 to 5 through which an organization passes as its testing process evolves from one that is ad-hoc and unmanaged, to one that is managed, defined, measured, and optimized.

In September 2008 AppLabs became a supporter of the TMMi Foundation, after having ensured that the objectives of the TMMi Foundation were compatible with our views and objectives. This initiative was valuable to us as a company, to the testing industry as a whole, something which AppLabs could add a valuable contribution to and help advance. As AppLabs was already a CMMI Level 5 company, the TMMi alignment with CMMI proved beneficial.

On the whole, these industry metrics and information are sorely missing from the software quality management industry and AppLabs would like to be a key driver in rectifying this process outage. The decision was not taken lightly though, as there were and indeed still are some negatives. The TMMi Foundation is still busy defining the TMMi Levels, at the time of AppLabs decision to support the Foundation, only Level 2 was available. Level 3 has since moved on, but there is still significant work to be done on Levels 4 and 5. There is no guarantee that the ‘Industry’ will recognize this model, despite these negatives, AppLabs still felt it was a valuable investment and could reap rewards for all sponsors of the TMMi Foundation, including AppLabs, but more importantly, for the testing industry as a whole.

AppLabs is currently in the process of accrediting our TMMi model and our experienced Test Consultants with the TMMi Foundation. AppLabs will be offering TMMi reviews as part of our Consultancy Service line in the near future.

Warranty Statement:

The TMMi Foundation makes no warranties of any kind, either expressed or implied, as to any matter included, but not limited to, warranty of fitness for purpose or merchantability, exclusivity, or results obtained from use of the material. The TMMi Foundation does not make any warranty of any kind with respect to freedom from patent, trademark or copyright infringement.

The published material is produced with the permission of the TMMi Foundation. Contents should not be reproduced without the permission of AppLabs and the TMMi Foundation. TMMi® is a registered trademark of TMMi Foundation.

Owing to the ubiquity, ease of access, cost effectiveness and provision of service, the Web Application has emerged as a driving force of adoption. With the advent of web 2.0 and web 3.0 technologies, web application has evolved to be more advanced, quicker in response times. Today Web Applications are more functional and flexible, which increases their value to business operations. It is this wide acceptability and adaptability of web applications that make them an enticing target for malicious users. The increasing complexity and use of new technologies has opened doors to greater and more devastating security risks. To address these security threats and to prevent the associated negative consequences, companies need frequent and thorough web application penetration testing.

Web Application Penetration Testing (WAPT) is a legally authorized, non-functional assessment of a given web application, carried out to identify loopholes or weaknesses, otherwise known as vulnerabilities. WAPT should be carried out in a phased manner, like Information Gathering phase, Planning and Analysis phase, Vulnerability Assessment phase, Attack/ Penetration phase, and Reporting phase. This approach to testing helps ensure optimum coverage and at the same time simulate the fluid actions of a real time hacker.

In light of the growing numbers of web applications, advancements in technology employed by web applications, the constant evolution of features in web applications, and the frequent discovery of new vulnerabilities, the preferred way of ensuring security in web applications is to include security testing as part of the SDLC. However, the reality is that the ease of developing a web application and the focus on functionality and user interface has pushed security testing to the background if it happens at all. Nonetheless, Web Application Penetration Testing should be an integral part of the roll-out and life cycle of every web application.

Cloud computing, though is a viable alternative, firms get skeptic when security, reliability and manageability come into the picture. Hence a rigorous testing is mandated. So testers hone your skills, cause Gartner predicts that by 2012 80% of fortune 1000 enterprises will pay for some cloud computing service, while 30% of them will pay for cloud computing infrastructure.

Many leading venture capital firms from the U.S. are willing and have begun to bet on investing in niche Indian players. Consider this, till five years ago, an investment of $7-8 million in a niche services company, operating on an outsourcing model from India, was considered big. Today, the average size of an investment a leading venture capital company makes, is anywhere between US$20-30 million.

This growing trend among VCs of investing in ‘niche players’, gives me a sense of satisfaction for what I ventured out to do six years back, which was to set up a company focused on ‘testing and quality management’.

With an increasing number of organizations automating their business processes, there has been a growing need for these companies to test the efficiency of their software and IT systems. More than often, they prefer to engage the services of an independent testing and quality management company, to get an unbiased appraisal. As an entrepreneur, I realized the potential of the testing market and set up AppLabs in 2001, to capture the exciting and tremendous business opportunity that ‘testing’ provided. And since then, AppLabs has been growing significantly.

Contrary to what comes to mind, when thinking of a ‘specialized niche company’, AppLabs hasn’t been built around a small opportunity. In fact, it is possible to build a $ 1 billion company in this niche segment of ‘testing and quality management’. Let me illustrate my point.

Once a strong value proposition has been built to focus on a particular ‘niche segment’, one needs to identify an opportunity that is scalable. Here, I would like to clarify that, while in the Indian context, scalability often refers to how quickly a company can increase its headcount, in the U.S., it is measured by the market opportunity the company has the potential to capture. Hence, it requires determining the quantum of business already being generated by the big players in the ‘niche market’, as well as implementing an effective ‘go to market strategy’ to compete in the market for the business.

Having reached a considerable size in its industry segment, it is also advisable for the niche company to diversify into peripheral or related services. For example, a player in the ‘testing’ market, could look at providing ‘security or certification services’ as well. Also, various niche players with related business interests, could work through ‘partner referral’ programs, which would enable them to offer the entire range of specialized services, required by the customer to meet his business needs. The attempt here is not to expand by becoming an ‘end-to-end player’, but to grow the business, while being focused on one’s core service offerings. Additionally, a niche player needs to invest in and build new competencies in the focused areas. The measurement of success is when your services/products provide ‘true value’ to your customer’s business, which will help to retain as well as increase your client base.

To reinforce the ‘value proposition and branding’, ‘niche players’ periodically, need to get their messages out in the market they operate in. This could also involve ‘a re-branding’ exercise, wherein the company considers changing its logo, tagline, external and internal messaging to its customers and employees respectively. This is also a positive statement in communicating its ‘key differentiators’ from its competitors and/or to maintain its ‘leadership position’ in the industry.

A niche player could also communicate its value proposition to its customers, through new and innovative pricing and packaging. For example, a testing firm could charge for its services appropriately, after analyzing the amount the customer currently spends on technical support (post product deployment). If the spend is minimal, it could result in increased returns for the testing firm. The pricing could also vary according to the number of bugs one finds in the product.

On the packaging side, one could draw up a list of ‘top 20’ functions and charge it as a package, rather than charging for all the services. For example, in the arena of security testing, this ‘top 20’ list could constitute of a set of services deployed to detect security flaws.

A niche player should clearly articulate all the business benefits that would accrue to the customer, by engaging the company’s services, including the ‘financial savings’ in the entire product lifecycle, rather than limiting it to specific services concerned. Experience has taught me, that this is one of the strongest factors that helps win and retain customers.

‘Niche players’ are extremely effective at working closely with their customers to build and maintain long term relationships by innovating and challenging the norm in the industry, thus adding value at the project, program and organizational level. The best organizations in the world want to work with the best, and if you (as a ‘niche player’) can be the best at what you do - and this can really only happen if you focus in one area – then you will have great success.

In conclusion, I would like to add that, the toughest challenge an entrepreneur faces while building a $1billion ‘niche company’, is to convince people to believe in the ‘value proposition of offering only specialized services’. While a niche firm often succeeds in attracting the best talent with the requisite specialized skills, it does encounter challenges to retain them in the face of competition from the big ‘end to end players’ in the industry. Hence, it is imperative for a niche company to reinforce to its employees, its value proposition and belief of being a ‘big player’ in the industry, as well as offer them promising career paths.