5 Key Elements of Scaled Agile Framework

The Scaled Agile Framework® (SAFe) is an online knowledge base of tested principles for applying Lean-Agile (continuous delivery and improvement) at the enterprise level. It provides a simple and lightweight experience for the software development team.

SAFe is most popular among enterprise organizations, as many of its facets focus on eliminating the common challenges teams face when scaling agile. It was developed in 2011 to help software development teams bring better-quality products to market at a faster pace. It was originally called the “Agile Enterprise Big Picture” by software-industry veteran Dean Leffingwell, who published the bestselling book Agile Software Requirements. Before SAFe, when large and complex systems were built using Agile methodology, the results were delayed delivery and quality that was not that great; as a result, the customer experience was also not great. SAFe tries to address these issues, and software testing companies that have adopted the framework have shown amazing results.

When to Use Scaled Agile Framework

SAFe is used to fix the following inefficiencies:

  • Difficulty in coordinating multiple teams working on a large-scale project
  • Coping with longer planning horizons
  • Increased effort in keeping track of multiple sources of requirements
  • Un-mapped dependencies creating unexpected issues and obstacles

SAFe Core values

1. Alignment: It is necessary to keep up with rapid change. More importance should be given to enterprise business objectives than to team goals.

2. Built-in quality: Ensures every element and increment that’s being built is of the same standard of quality.

3. Transparency: To achieve the best results, transparency within the organization is really important. Transparency and trust ensure that the business and development can confidently rely on one another, particularly in times of difficulty.

4. Program execution: Leaders participate as Business Owners in Program Increment (PI) planning and execution, while aggressively removing impediments.

SAFe Principles:

  • Take an economic view
  • Apply systems thinking
  • Assume variability; preserve options
  • Build incrementally with fast, integrated learning cycles
  • Base milestones on objective evaluation of working systems
  • Visualize and limit WIP, reduce batch sizes, and manage queue lengths
  • Apply cadence, synchronize with cross-domain planning
  • Unlock the intrinsic motivation of knowledge workers
  • Decentralize decision-making
  • Organize around value

Highlights of SAFe

  • Agile Release Train: Is a long lived team of Agile teams, which, along with other stakeholders, incrementally develops one or more Solutions in a value stream.
  • Continuous Delivery Pipeline: Describes the workflows, activities, and automation needed to provide a constant release of value to the end user.
  • Customer Centricity: Is a mindset that focuses on creating positive experiences, such as the customer journey, which takes buyers through the full set of products and services that the enterprise offers.
  • Program Increment (PI): Is a time box in which an ART delivers incremental value. PIs are typically 8 – 12 weeks long, and the most common pattern for a PI is four development Iterations followed by one Innovation and Planning (IP) iteration.
  • Innovation and Planning (IP) Iteration: Provides the teams with an opportunity for exploration and innovation, dedicated time for planning, and learning through informal and formal channels.
  • ScrumXP: ScrumXP uses the Scrum framework for managing the team and their work as well as XP derived quality practices.
  • Team Kanban: Is a method that helps teams facilitate the flow of value by visualizing workflow, establishing Work in Process (WIP) limits.
  • Built-In Quality: Ensures every solution increment is high in quality and can readily adapt to change.

Challenges with SAFe:

As explained above, SAFe is meant to overcome Agile’s pitfalls. However, every model has some challenges, and so does SAFe. A few of them are as follows:

  • Primarily Top-Down Decision Making: Because of this, it has similarities to the waterfall model.
  • Terminology Heavy: There are 4 levels in SAFe. Coupled with its use of Lean, Agile, and Systems Thinking, it ends up with a significant amount of terminology and body of knowledge.

In short, SAFe is a framework that gives us alignment not only at the team level (lower) and program level (middle), but also with the organization’s strategy (top level), and shows how a team’s work adds value to customers right from the top level. It is available in different configurations, and companies can take advantage of it.

SAFe comes in various configurations, depending on the specific needs of an organization. These configurations include Essential SAFe, Large Solution SAFe, Portfolio SAFe, and Full SAFe, each offering different levels of guidance and complexity to address different organizational contexts.

It’s important to note that while SAFe is widely adopted in many enterprises, it’s not the only approach to scaling Agile practices. Organizations should carefully assess their own context, needs, and culture before deciding on the best approach to scale Agile within their organization.

Uncover the hidden bugs with Non Functional Testing.

Even when you think you have got it right, Non Functional Testing can expose the hidden flaws

This is your big idea. Maybe it is not necessarily yours; it’s your client’s. But you have spent months mulling over the concept and assembling the best team of developers, and you are ready to go. Your end goal is to solve problems and make life easier for the end user, right? Well, achieving client satisfaction and maintaining a positive end-user experience hinges on one important factor: testing.

Quality Assurance (QA) is a pivotal part of your mobile/web application development lifecycle. Whether it be a pre-installed, installed, or browser-based app, rigorous testing of functionality, compatibility, and usability, among others must be done every step of the way.

Functional Testing

Functional testing is an important and popular step in the app development process, primarily because focusing on an AUT’s (application under test) ability and efficiency to perform as required is second nature to QA practice. However, it is important to note that non-functional testing is just as important as functional testing, because it greatly affects client satisfaction and the whole user experience. In this article, I will attempt to explain what QA non-functional testing is, differentiate between functional and non-functional testing, and highlight the importance of non-functional testing.

Non-functional Testing

It is a type of software test for assessing the non-functional aspects (e.g. performance, usability, reliability, etc.) of a software application. It is essentially aimed at testing a system on non-functional parameters that are usually not covered by functional testing. In other words, this testing handles the aspects of a software application that are not connected with a defined user action or function.

TYPES OF NON-FUNCTIONAL TESTING

Security Testing:

Security testing, also known as VAPT (Vulnerability Assessment and Penetration Testing), checks how well a system is safeguarded against intentional or spontaneous attacks from known or unknown sources. It also detects loopholes within the system and measures the vulnerability of an AUT to being hacked.

Both manual and automated assessment of vulnerabilities, through active and passive scans, are part of this testing.

Performance Testing:

Performance testing encompasses a number of parameters. 

  • Load Testing: Load testing checks the ability of a system/AUT to deal with different numbers of users within a given performance range.
  • Stress Testing: Stress Testing assesses the tenacity of an AUT, measuring what happens to the system when put under valid load in excess of its originally designed capacity. For instance, how many users working on a particular app at a time can cause it to crash?
  • Endurance Testing: This test is essential to know the stability of the system over a period of time and to see if small errors that are accumulated over the said period can affect the efficacy and integrity of the system.
  • Recovery Testing: This checks that the software system continues to perform to the required standards and recovers completely in the unfortunate case of a system failure.
  • Reliability Testing: This is done to check the extent to which any software system repeatedly performs a given function without failure. 
  • Scalability Testing: The scalability test is essential for commercialization of a product. It measures the extent to which a software application can expand its processing capacity to meet an increase in demand. 

Portability Testing:

Portability testing checks the ease with which software can be changed or transferred from its current environment (hardware/software) to another.

Usability Testing: 

The ease with which any user can learn, operate, and interact with a system is measured by the usability test.

Other tests performed during the non-functional testing phase include Failover Testing, Compatibility Testing, Accessibility Testing, Maintainability Testing, Volume Testing, Disaster Recovery Testing, Compliance Testing, Documentation Testing, Internationalization and Localization Testing etc.

Ultimately, the aim of non-functional testing is to test all characteristics of an application that help produce a product that meets the user’s expectations. It helps improve the developer’s knowledge of the product’s behaviour and of the latest trends in technology, and supports research and development.

Functional Testing and Non Functional Testing: Two Different Concepts

The major difference between the two types of testing is this: Functional testing ensures that your product meets customer and business requirements and doesn’t have any major bugs. Non-functional testing verifies that the product meets the end user’s expectations. 

Functional Testing:

Functional testing is a type of software testing that evaluates the system against the functional requirements. It focuses on verifying that the software/application performs its intended functions correctly. The objective is to ensure that the system meets the specified functional requirements and operates as expected.

Non-Functional Testing:

Non-functional testing, also known as quality attributes testing, focuses on evaluating the performance, reliability, usability, and other non-functional aspects of a software/application. It aims to assess the system’s behavior under different conditions, rather than its specific functionalities.

Functional and Non-Functional tests are technically differentiated from each other based on their objective, focus area, functionality, ease of use, and execution.

Objective: 

Functional testing assesses the behavior of the AUT, such as the login function, valid/invalid inputs, etc., whereas non-functional testing deals with the performance or usability of the software.

Focus area:

Functional testing focuses on customer requirements, while Non-functional testing focuses on user expectations.

Functionality: 

Functional tests check that the system works as expected. Non-functional testing checks how well the system works.

Ease of use: 

Functional testing is easy to execute manually, as in black box testing, but non-functional testing is hard to execute manually. It is more feasible to use automated tools.

Execution:

Functional testing is generally performed before non-functional testing, i.e. before the compilation of code, while non-functional testing is mostly performed after the compilation of code.

Now, imagine finalizing the masterpiece you have created, and testing its functional requirements fully, leaving out its non-functional requirements.

Would you like to predict what would happen when the application is subjected to a massive load when it goes live? Would you be confident of its stress capabilities?

Would you want to imagine how slow it may become? What if it crashes on product launch day? Or an unauthorised party completely takes over the functionality of the system? These scenarios make for unpleasant viewing. I wouldn’t want to touch such a product with a ten-foot pole or be associated with it in any way.

Though testing has traditionally been limited to functional requirements, non-functional testing has gradually become an integral part of software processing, without which consumer expectations may not be fully met. When a product fails to meet these expectations, it affects the reputation of the developers and the company, and even overall product sales. This is why non-functional testing cannot be ignored.

Both functional and non-functional testing are crucial for ensuring the overall quality, reliability, and user satisfaction of a software/application. They complement each other by validating different aspects of the system’s performance and behavior.

Non-functional testing is primarily focused on evaluating the performance, reliability, security, and usability aspects of a software system. While it may not directly target detecting hidden bugs, it can indirectly help uncover certain types of bugs or issues that may not be apparent during functional testing.

While non-functional testing techniques can help uncover hidden bugs indirectly, it’s important to note that functional testing, which tests against the expected behavior and requirements, remains essential for detecting most bugs and ensuring the software meets its intended purpose.

When you think you have got it right, it will expose all the hidden flaws!

Non Functional Governance

One of the key factors determining your product’s success is the end user’s experience of using your product. And you would agree that it goes way beyond just the functional correctness of your product. A whole lot of factors, like usability, performance and security, determine how the end user feels about your product. Unfortunately, performance, security and usability testing are often looked at only towards the end of the development lifecycle.

How Crestech helps govern your non functional requirements

Through our non-functional governance solution, Crestech helps enterprises set up and manage non-functional governance centers within their development teams, so that non-functional requirements like performance, security, usability, content, etc. are tested throughout the SDLC and not just towards the end. This includes:

  • Defining all the non functional parameters that impact product usage experience
  • Validating product requirements for completeness of Non Functional parameters
  • Setting up development best practices around non functional aspects of product
  • Setting up periodic code and architecture reviews to flush out usability, performance and security flaws early in lifecycle
  • Testing the code for performance, usability and security right from unit level to integration and system level
  • Building dashboards to reflect and quantify Non functional quality index of application

Understanding Security Compliances

Digital transactions and security compliance requirements are increasing rapidly, and more people than ever are using these platforms. Statutory and regulatory bodies across the world are continuously working to protect users’ digital information from mishandling or theft. Data protection law in the European Union is even more stringent now that GDPR has come into force. The purpose of all this is to safeguard the interests of end users.

At a Glance

Compliance Frameworks are sets of guidelines and best practices. Organizations follow these guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve business objectives. Non-Compliant organizations face security breaches. When a company suffers a security breach, it is often difficult to quantify the totality of the damage, in part because there are so many potential financial consequences. Some of the biggest security breaches in recent years are:

  • A leading pharma firm was slapped with a $4.3M penalty for HIPAA violations.
  • A marketing firm leaked a personal information database with 340 million records.
  • A leading airline was fined $230m for a data breach.
  • A leading hotel chain was fined $124m for a data breach affecting 500m customers.

Know the Security Regulations

Payment Card Industry Data Security Standard (PCI-DSS): Organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM and POS cards fall under this regulation. Compliance helps curb financial fraud, primarily by protecting customers’ debit/credit card and account information. Noncompliance with PCI-DSS can cost between $5,000 and $100,000 per month in fines.

Health Insurance Portability and Accountability Act (HIPAA): This bill puts in place many regulations regarding the security of patient data. Companies that handle healthcare data, from hospitals and clinics to insurance companies, are required to comply with HIPAA regulations. Penalties for non-compliance can range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million annually.

Sarbanes-Oxley Act (SOX): It is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. This act requires companies to maintain financial records for seven years. Affected companies include U.S. public company boards, management and public accounting firms.

Federal Information Security Management Act (FISMA): The Federal Information Security Management Act of 2002 treats information security as a matter of national security for federal agencies. It provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information systems that support the operations and assets of the agency.

General Data Protection Regulation (GDPR): It aims to protect citizens in the European Union (EU) from data breaches. The GDPR applies to all companies processing personal data for people residing in the EU, even if that company is not physically located or based in the EU. Companies that fail to comply can face massive fines equaling four percent of their global turnover, or 20 million euros, whichever is higher.

Gramm-Leach-Bliley Act (GLBA): This is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. It requires financial institutions that offer consumers financial products or services, like loans, financial or investment advice, or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data.

Why Do Organizations Need Compliance?

Enhanced risk management framework: Compliance regulations help in defining a proactive security and risk posture for any organization, and then translating that posture to actionable security controls.

Reassure Customers: Compliance regulations help in protecting customer data, which helps in earning customers’ trust and contributes to brand reputation.

Avoid breaches, which in turn minimizes losses: Regulations prevent breaches, which can cost millions of dollars and dent an organization’s exchequer. Due to a data breach, many companies end up losing sales revenue and paying additional repair costs for the application as well as legal fees, all of which can be avoided with the right preventive measures.

Security Compliance grows even more challenging

Organizations have been earnestly pursuing precautionary measures against risks, continuous compliance of their environments, and proactive IT operation processes. Since each major security standard involves an evolving set of specific requirements, achieving security compliance can be complicated, costly and challenging.

Key challenges that organizations must address in order to optimize their security and compliance programs:

  • Continuously monitor compliance adherence across the geographies where they operate and over evolving technologies.
  • Recognize the impact of a security breach.
  • Create a security strategy that keeps pace with the ever-changing security and technology landscape.
  • Adjust to the rapid growth in endpoints, which makes it harder for any organization to make sure each device is compliant with industry standards.
  • Acquire skilled resources to apply these compliance requirements.

Achieving compliance within a regulatory framework is an ongoing process. An organization’s environment is always changing, and the operating effectiveness of a control may break down. So choosing an appropriate compliance policy, applying effective controls, and regular monitoring and reporting are a must. Automated compliance monitoring can be the solution. Data analytics is now well established as a very effective way to monitor and test many forms of transactions and other activities that are impossible to examine manually.

Considerations While Implementing a Compliance Framework

  • Accurate assessment of the business’s needs relative to IT and IoT using a risk-based orientation.
  • Adoption and application of an appropriate standards-based framework.
  • Creation or adjustment of your security and compliance architecture.
  • Selection of strategic vendors/partners whose technical abilities, strategic vision, and commercial strength and viability will support any architecture, and whose core capabilities will address the challenges these trends present to an organization.
  • Development, phased implementation and deployment of security and compliance plan, prioritized by business risk.
  • Implementation of continuous automated monitoring programs.

In summary, security non-compliance can cost a business heavily, both financially and in reputation. So, for an online platform, compliance is not a choice anymore. Thorough analysis, based on the nature of the business and the geographies in which it operates, is needed to understand and apply the relevant security compliance requirements. A continuously evolving strategy should be planned to ensure the business always complies with the latest compliance and technology needs.
