IT teams and testers have been challenged by automated testing for decades now. It seems to me that many organisations haven’t really cracked the nut yet with regard to functional automation, and many (too many) automated testing efforts fail to meet their objectives, budget and stakeholders’ expectations. Expectations seem to be lower for load and performance testing. I’m not sure if this is because it’s perceived to be more difficult or the risk is perceived to be lower or both. Either way I don’t think that’s true, but that’s for another post. There isn’t much conversation happening about automated security testing yet. I find this strange considering 47% of companies surveyed for this year’s World Quality Report said that enhancing security is part of their IT Strategy. The number of security breaches is increasing: the 2018 Cyber Security Breaches Survey shows 43% of businesses in the UK experienced a security breach in the past year.
IT security testing is not just about checking that you can break in via a website vulnerability such as SQL injection. To prevent an IT security attack, security testing needs to go beyond penetration testing and cover broader aspects of security. The good news is that it’s not as hard as you might think to make your systems more secure through a broad security testing strategy. Follow these seven steps to reduce the risk of a security breach.