SlideShare ist ein Scribd-Unternehmen logo
1 von 34
Downloaden Sie, um offline zu lesen
Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Deliver Flawless Mobile Apps Faster With CI/CD & CT
2 | Advanced Codeless Testing for Web Apps
Today’s Speakers:
Eran Kinsbruner
• Chief Evangelist and author at Perfecto
• Blogger and speaker
• 19+ years in development & testing
• Author of “The Digital Quality Handbook”
and “Continuous Testing for DevOps
Professionals”
• @ek121268
Brian Reed • Chief Mobility Officer at NowSecure
• Leading the Mobile DevSecOps Charge at NowSecure
• Helping Fortune 2000 and Gov agencies deliver high quality and
secure mobile apps faster
• Advisor, Speaker, & Writer
• @reed_on_the_run
perfecto.io & NowSecure.com3 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Today’s Agenda
1
2
The CI/CT/CD trifecta & DevOps
How to fit automated security and functional testing inside the DevOps process
https://www.perfecto.io/resources/state-test-automation
3 Common pitfalls in mobile app security and how to overcome them
5 Q&A
4 Fundamentals of continuous testing (CT) strategy for CI/CD/CT pipelines
perfecto.io & NowSecure.com4 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Mobile Apps Drive Global Economy
perfecto.io & NowSecure.com5 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
The Mobile App Conundrum
100%
of mobile devs want to
build great apps.
100%
of mobile companies
want happy customers.
85%
of mobile apps
have security bugs.
70%
of mobile apps leak
personal data and
violate GDPR/CCPA.
9%
of organizations
automate over 75% of
their test cases.
14%
of organizations can
release software daily.
perfecto.io & NowSecure.com6 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
OPTIMIZED
DELIVERY PIPELINE Innovation
Throughput
Quality of
Output
Time Cost
Today — DevOps Process Probably Looks Like This
Process
Impact
Organizational
Impact
2-3 WEEKS 1-3 WEEKS
❌ Unstable
❌ Labor-intensive
❌ Cluttered
❌ Slow
• Manual testing.
• Unreliable and flaky
executions.
• Long time to analyze results
and fix issues.
• Slows time to release.
• Increases risk and reduces
flexibility during the cycle.
• Reduces innovation time
versus bug fixes time.
• QA and security often not
part of the daily cycle.
• Testing holds back
innovation.
”End of
Cycle”
Testing
perfecto.io & NowSecure.com7 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Continuous Integration — Ability to merge all developer
code and automatically build apps throughout the day.
Introduction to CI/CD
Dev Functional
Test
Acceptance
Test
Security
Test
Deploy
Continuous Deployment — Ability to automatically
deploy new app functionality throughout the day.
Build
Continuous Integration Continuous Delivery
perfecto.io & NowSecure.com8 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
What Is Continuous Testing?
Continuous testing is the process of executing automated
high-value tests as a part of the software delivery pipeline
in order to obtain feedback on business risks associated
with a software release upon every code change.
perfecto.io & NowSecure.com9 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
CT Enables Efficient CI/CD
Source: Dan Ashby
perfecto.io & NowSecure.com10 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Source: DORA Report
Key Benefits of a Mature DevOps Program
perfecto.io & NowSecure.com11 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Leverage Test Automation to Optimize the Pipeline
vs
OPTIMIZED
PIPELINE Innovation
Throughout
Quality of
Output
Time Cost
perfecto.io & NowSecure.com12 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Contributing Factors: Common Challenges in Test Automation
Automation Skillset
Merging Tests Into Pipeline
Escaped Defects Due to Noise
Advanced Automation Scenarios
Challenge to Setup Test Environment Designed for
Testability
Time Spent to Analyze Reports
Testing Is Done Separately
Test Maintenance & Digital Platforms Coverage Lack of Time to Automate
It all boils down to people, processes, and/or technology.
How to Fit Automated Functional and Security Testing
into Mobile DevOps Pipeline
perfecto.io & NowSecure.com14 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
T H E D E V O P S M A N I F E S T O
 Continuous testing over testing at the end.
 Embracing all testing activities over only automated functional testing.
 Testing what gives value over testing everything.
 Testing across the team over testing in siloed testing departments.
 Product coverage over code coverage.
The Agile Testing Manifesto
perfecto.io & NowSecure.com15 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Working Together
D E V Q A S E C
perfecto.io & NowSecure.com16 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
The Software Delivery Lifecycle
Commit
Code
Build
Binary
Deploy
Staging
Test Binary
Requirements & Design
Common Goals
• Build high-quality software.
• Bring together security, QA,
& dev.
• Improve test coverage.
• Build testing into the pipeline.
• Enable faster release cycles with
scalability.
• Improve productivity and
efficiency.
perfecto.io & NowSecure.com17 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
The Software Delivery Lifecycle — Functional Testing
High Mobile Quality
& UX Requires
• Balance between real and virtual
device testing.
• Testing against real user conditions.
• Leveraging a cloud-based solution to
continuously maintain your lab.
• Automation of the key business
transactions.
• Fast feedback driven by smart
reporting and analysis.
Commit
Code
Build Binary
Deploy
Staging
Test Binary
Requirements & Design
Real Device Cloud-Based Testing
and Actionable Feedback
Unit & Smoke Testing on
Virtual/Real Platforms
perfecto.io & NowSecure.com18 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
The Software Delivery Lifecycle — Security Testing
Security Testing
• Tests in dev, build and prod.
• Leverages automation and direct
toolchain integrations.
• Binary testing provides most complete
code and risk coverage.
• Tune testing frequency and depth to
mobile app risk level.
• Dev remediation instructions for speed.
• High accuracy for low false positives.
Commit
Code
Build Binary
Deploy
Test Binary
Requirements & Design
Auto Monitor in Production
Staging
SCA Repo Security Scans
Auto Security Tests Every Build
Auto Generates Issue Tickets
Static Source
Security Scans
Common Pitfalls in Mobile App Security
& How to Overcome Them
perfecto.io & NowSecure.com20 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Mobile App Security Risks Are Real & Pervasive
perfecto.io & NowSecure.com21 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
OWASP Mobile Top 10 — Areas Of Common Failure
M1 - Improper Platform Usage Misuse of features like Touch ID, permissions, keychain. 4% Fail
M2 - Insecure Data Storage Data leakage, client-side injection, weak server-side controls. 50% Fail
M3 - Insecure Communication Poor handshake, SSL/TLS/cert issues, transfer in clear text. 48% Fail
M4 - Insecure Authentication Improper identity management, weak session management. 5% Fail
M5 - Insufficient Cryptography Lack of crypto, improper crypto use. 8% Fail
M6 - Insecure Authorization Improper local authentication, forced browsing. 2% Fail
M7 - Client Code Quality Code mistakes e.g. buffer overflows, format string vulns. 32% Fail
M8 - Code Tampering Binary patching, method hooking/swizzling, memory mods. 11% Fail
M9 - Reverse Engineering Exposure to attacker reversing tools. 32% Fail
M10 - Extraneous Functionality Dev/QA inadvertent disabling security, hidden backdoors. 47% Fail
perfecto.io & NowSecure.com22 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Inside the Mobile Attack Surface
Code Functionality
Data at Rest Data in Motion
Data Center
& App Backend
• GPS spoofing
• Buffer overflow
• allowBackup Flag
• allowDebug Flag
• Code obfuscation
• Configuration manipulation
• Escalated privileges
• URL schemes
• GPS leaking
• Integrity/tampering/repacking
• Side channel attacks
• App signing key unprotected
• JSON-RPC
• Automatic reference counting
• Dynamic runtime injection
• Unintended permissions
• UI overlay/pin stealing
• Intent hijacking
• Zip directory traversal
• Clipboard data
• World readable files
• Data caching
• Data stored in application directory
• Decryption of keychain
• Data stored in log files
• Data cached in memory/RAM
• Data stored in SD card
• OS data caching
• Passwords & data accessible
• No/weak encryption
• TEE/Secure enclave processor
• Side channel leak
• SQLite database
• Emulator variance
• Wi-Fi (no/weak encryption)
• Rogue access point
• Packet sniffing
• Man-in-the-middle
• Session hijacking
• DNS poisoning
• TLS Downgrade
• Fake TLS certificate
• Improper TLS validation
• HTTP Proxies
• VPNs
• Weak/no local authentication
• App transport security
• Transmitted to insecure server
• Zip files in transit
• Cookie “httpOnly” flag
• Cookie “secure” flag
• Android rooting/iOS jailbreak
• User-initiated code
• Confused deputy attack
• Media/file format parsers
• Insecure 3rd party libraries
• World writable files
• World writable executables
WEB + SAST VENDORS
APPS
FRAMEWORKS
NATIVE LIBRARIES
KERNEL
HAL
HARDWARE
TEST
APP
API Backends
Network &
Cloud Services
perfecto.io & NowSecure.com23 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Data Center
& App Backend
Network &
Cloud Services
NowSecure Mobile AppSec Testing Checklist
APPS
FRAMEWORKS
NATIVE LIBRARIES
KERNEL
HAL
HARDWARE
TEST
APP
✓ Man in the middle: cert validation
✓ Man in the middle: hostname veri.
✓ Man in the middle: HTTP connections
✓ SSL downgrade
✓ Unprotected TLS traffic
✓ Cookie flags
✓ Certificate validity
✓ …
✓ App files and log files
✓ Keychain
✓ SD Card
✓ World writable files
✓ World readable files
✓ RAM
✓ Unencrypted credential storage
✓ SQLite databases
✓ Secure enclave processor
✓ …
✓ Development flags
✓ Automatic reference counting
✓ Stack smashing
✓ Bad authentication/authorization
✓ Root access
✓ Path traversal
✓ SQL injection
✓ Vulnerable third party libraries
✓ Heartbleed
✓ Bad cryptography
✓ App transport security
✓ Obfuscation
✓ …
Code Functionality Data in MotionData at Rest
Automated Mobile App Security Testing on Real Devices
Analyzes the binary post-compilation
to discover vulnerabilities including
those in third-party libraries.
Static Testing [SAST]
Inspects the binary at runtime collecting
telemetry from the “inside out” to find
vulnerabilities with near zero false
positives.
Interactive Testing [IAST]
Attacks the binary, device, network, and
APIs at runtime from the “outside in” to find
vulnerabilities with near zero false
positives.
Dynamic Testing [DAST]
TEST
APP
perfecto.io & nowsecure.com24 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
NowSecure Platform
One Portal for Your Mobile App Security & Privacy Testing Needs
• Web Interface
• Apple App Store
• Google Play
• CI/CD Plugins
• Enterprise App Store
• MDM/EMM Integration
• Restful API
• Interactive Binary Analysis
• Dynamic Binary Analysis
• Static Binary Analysis
• CVSS Security Score
• Compliance Checks
• Findings Descriptions
• Remediation Instructions
1
NowSecure Automated
Analysis Engine
Device Pool
Upload/Download Binary Fully Automated Testing
• Web Interface
• Report PDF
• Restful API & JSON
• Issue Tracking Tools
• Vulnerability Management
Dashboards
3
Flexible Output Options
2
perfecto.io & NowSecure.com25 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Commit
Code
Build Binary
Deploy
Staging
Test Binary
NowSecure Powers Your Secure Toolchain
Requirements & Design
Auto Test Every Build
Auto Generate Issue Tickets
The Path Towards Continuous Testing
perfecto.io & NowSecure.com27 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
1 2 3 4 5
Stable automation Daily cycle Increase coverage Reach 95% Continuous testing
W H A T Y O U ’ L L G E T
W H A T Y O U ’ L L N E E D
• 99.9% availability lab
• Evidence collection
• Process integration
• CI
• Defect tracking
• Vuln tracking
• Execution control
• Dashboarding
• Create scripts
• Maintain scripts
• Understand what’s
wrong
• Skillset matched tool
• False negative
detection in reports
• Accurate findings for
low False positives
• Threat-modelling to
tune testing to risk
• Test on real devices
• Run tests daily
• Run tests on each build
• Get results in minutes
• Fast feedback loops
• Valuable coverage
• Meaningful daily
feedback
• Advance validations
• Visual automation
• Basic orchestration
• Up-to-date lab
• Scaled lab
• Analysis grouping
• Role-based routing
• Automate all that
possible & reasonable
• Advanced
orchestration
• Elasticity
• Sharding
• Environment
control
• Scaled reporting
• Nightly 
Continuously
• Cloud execution
• Very high scale
D E V O P S F R I E N D L Y Z O N E
The Path to Continuous Testing
perfecto.io & NowSecure.com28 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Source: John Ferguson Smart
Continuous Testing, Feedback, Visibility, and Business Value —
A Full Team Objective. How and When Does Security Fit?
perfecto.io & NowSecure.com29 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Pipeline Example: What Good Looks Like
Relevant Unit Testing
High-Value Smoke Testing:
Functional, API, Integration, Component and Security Testing
Regression on Real Devices:
Mixed Functional, Non-Functional, Performance and Security Testing
perfecto.io & NowSecure.com30 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Perfecto Continuous Testing Platform
Cloud-Based Test
Environment
Smart Automation
Test Creation
& Execution
Authoring
Debugging Validations
Maintenance
Orchestration
Scheduling Test Environment Control
Self-Healing
Elastic
Artifacts Collection
Browsers &
Desktop
Mobile
Devices
Mobile
Simulators / Emulators
Smart Reporting
& Analytics
Smart
Analytics
Heatmaps
Root Cause
Analysis
Cross-Platform
Analysis
Continuous
Integration
Analysis
perfecto.io & NowSecure.com31 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
Perfecto’s Smart Continuous Testing Solution
Smart Execution
Fast and parallel test execution with
multi-team orchestration abilities and
management.
Smart Analytics
"Single pane of glass" provides
visibility and scales to support
millions of test results.
Smart Creation
Automation creation that matches your
team’s skillset (Appium, Espresso,
XCUITest, Quantum BDD).
Smart Lab
Always on and stable. Always up
to date. Supports all mobile OS
and platforms.
The Perfecto
human factor
increases your
chances to succeed.
v
Black Belt
Testing Experts
Training
Dedicated
Success Manager
24/7 VIP
Support
perfecto.io & NowSecure.com32 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc
The 4 Key Pillars of Continuous Testing in DevOps
Automation for effective use of Time, Tools, & Resources
This is where value is being
realized, quality is improved
Unified Functionality + Security Approach serves DevOps with greater effectiveness.
Automated test analysis
• Fast feedback
• Root cause analysis
• Risk based coverage
Test creation and
maintenance
• Authoring tool
• Validations
• Accuracy
• Coverage
Eran Kinsbruner
Perfecto
Brian Reed
NowSecure
Thank You!

Más contenido relacionado

Was ist angesagt?

DevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile Users
DevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile UsersDevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile Users
DevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile UsersCA Technologies
 
A DevOps Primer: Whole Team Approaches for Better Software Quality
A DevOps Primer: Whole Team Approaches for Better Software QualityA DevOps Primer: Whole Team Approaches for Better Software Quality
A DevOps Primer: Whole Team Approaches for Better Software QualityTechWell
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
Corporate Presentation | Software Testing Company USA | Indium
Corporate Presentation | Software Testing Company USA | IndiumCorporate Presentation | Software Testing Company USA | Indium
Corporate Presentation | Software Testing Company USA | IndiumIndium Software
 
How To Sell Into Insurance with Perfecto
How To Sell Into Insurance with PerfectoHow To Sell Into Insurance with Perfecto
How To Sell Into Insurance with PerfectoLizzy Guido (she/her)
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service VirtualizationParasoft
 
Coding Safe Modern C++ With AUTOSAR Guidelines
Coding Safe Modern C++ With AUTOSAR GuidelinesCoding Safe Modern C++ With AUTOSAR Guidelines
Coding Safe Modern C++ With AUTOSAR GuidelinesPerforce
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsSmartBear
 
Maturing your path toward DevOps with Continuous Testing
Maturing your path toward DevOps with Continuous TestingMaturing your path toward DevOps with Continuous Testing
Maturing your path toward DevOps with Continuous TestingPerfecto Mobile
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...Parasoft
 
Parasoft Case Study: Wipro
Parasoft Case Study: WiproParasoft Case Study: Wipro
Parasoft Case Study: WiproErika Barron
 
Mobile DevOps - Trends and Chellenges
Mobile DevOps - Trends and ChellengesMobile DevOps - Trends and Chellenges
Mobile DevOps - Trends and ChellengesSanjeev Sharma
 
IBM Innovate DevOps for Mobile Apps
IBM Innovate DevOps for Mobile Apps IBM Innovate DevOps for Mobile Apps
IBM Innovate DevOps for Mobile Apps Sanjeev Sharma
 
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsDeploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsParasoft
 
Panoramic Quality: The Fellowship of Testing in DevOps
Panoramic Quality: The Fellowship of Testing in DevOpsPanoramic Quality: The Fellowship of Testing in DevOps
Panoramic Quality: The Fellowship of Testing in DevOpsBrendan Connolly
 
How to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOpsHow to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOpsPerforce
 
Addressing the Challenges of Mobile Test Automation
Addressing the Challenges of Mobile Test AutomationAddressing the Challenges of Mobile Test Automation
Addressing the Challenges of Mobile Test AutomationTechWell
 
Testing in a Continuous Delivery Pipeline: Faster, Better, Cheaper
Testing in a Continuous Delivery Pipeline: Faster, Better, CheaperTesting in a Continuous Delivery Pipeline: Faster, Better, Cheaper
Testing in a Continuous Delivery Pipeline: Faster, Better, CheaperTechWell
 

Was ist angesagt? (20)

DevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile Users
DevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile UsersDevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile Users
DevOps for Mobile: Delivering a 5-Star App Experience to Your Mobile Users
 
A DevOps Primer: Whole Team Approaches for Better Software Quality
A DevOps Primer: Whole Team Approaches for Better Software QualityA DevOps Primer: Whole Team Approaches for Better Software Quality
A DevOps Primer: Whole Team Approaches for Better Software Quality
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator
 
Corporate Presentation | Software Testing Company USA | Indium
Corporate Presentation | Software Testing Company USA | IndiumCorporate Presentation | Software Testing Company USA | Indium
Corporate Presentation | Software Testing Company USA | Indium
 
How To Sell Into Insurance with Perfecto
How To Sell Into Insurance with PerfectoHow To Sell Into Insurance with Perfecto
How To Sell Into Insurance with Perfecto
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service Virtualization
 
Coding Safe Modern C++ With AUTOSAR Guidelines
Coding Safe Modern C++ With AUTOSAR GuidelinesCoding Safe Modern C++ With AUTOSAR Guidelines
Coding Safe Modern C++ With AUTOSAR Guidelines
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
 
Maturing your path toward DevOps with Continuous Testing
Maturing your path toward DevOps with Continuous TestingMaturing your path toward DevOps with Continuous Testing
Maturing your path toward DevOps with Continuous Testing
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
 
Parasoft Case Study: Wipro
Parasoft Case Study: WiproParasoft Case Study: Wipro
Parasoft Case Study: Wipro
 
Mobile DevOps - Trends and Chellenges
Mobile DevOps - Trends and ChellengesMobile DevOps - Trends and Chellenges
Mobile DevOps - Trends and Chellenges
 
IBM Innovate DevOps for Mobile Apps
IBM Innovate DevOps for Mobile Apps IBM Innovate DevOps for Mobile Apps
IBM Innovate DevOps for Mobile Apps
 
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsDeploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test Environments
 
Panoramic Quality: The Fellowship of Testing in DevOps
Panoramic Quality: The Fellowship of Testing in DevOpsPanoramic Quality: The Fellowship of Testing in DevOps
Panoramic Quality: The Fellowship of Testing in DevOps
 
How to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOpsHow to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOps
 
Addressing the Challenges of Mobile Test Automation
Addressing the Challenges of Mobile Test AutomationAddressing the Challenges of Mobile Test Automation
Addressing the Challenges of Mobile Test Automation
 
Testing in a Continuous Delivery Pipeline: Faster, Better, Cheaper
Testing in a Continuous Delivery Pipeline: Faster, Better, CheaperTesting in a Continuous Delivery Pipeline: Faster, Better, Cheaper
Testing in a Continuous Delivery Pipeline: Faster, Better, Cheaper
 
Four Keys to Efficient DevOps
Four Keys to Efficient DevOpsFour Keys to Efficient DevOps
Four Keys to Efficient DevOps
 

Ähnlich wie Deliver Flawless Mobile Apps Faster with CI/CD & CT

Best Practices for Shifting Left Performance and Accessibility Testing
Best Practices for Shifting Left Performance and Accessibility TestingBest Practices for Shifting Left Performance and Accessibility Testing
Best Practices for Shifting Left Performance and Accessibility TestingPerfecto by Perforce
 
Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...
Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...
Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...QA or the Highway
 
How to Scale Digital App Testing With Jenkins & Automation You Can Trust
How to Scale Digital App Testing With Jenkins & Automation You Can TrustHow to Scale Digital App Testing With Jenkins & Automation You Can Trust
How to Scale Digital App Testing With Jenkins & Automation You Can TrustPerfecto by Perforce
 
Fast Data, Fast Delivery: How Smart Analysis Accelerates App Testing
Fast Data, Fast Delivery: How Smart Analysis Accelerates App TestingFast Data, Fast Delivery: How Smart Analysis Accelerates App Testing
Fast Data, Fast Delivery: How Smart Analysis Accelerates App TestingPerfecto by Perforce
 
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...Perfecto by Perforce
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Perforce
 
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSalil Kumar Subramony
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
 
5 Mobile App Trends & What They Mean for Dev & Testing
5 Mobile App Trends & What They Mean for Dev & Testing5 Mobile App Trends & What They Mean for Dev & Testing
5 Mobile App Trends & What They Mean for Dev & TestingPerfecto by Perforce
 
Keeping Your Continuous Test Automation Continuously Valuable
Keeping Your Continuous Test Automation Continuously ValuableKeeping Your Continuous Test Automation Continuously Valuable
Keeping Your Continuous Test Automation Continuously ValuablePerfecto by Perforce
 
Integrating Automated Testing into DevOps
Integrating Automated Testing into DevOpsIntegrating Automated Testing into DevOps
Integrating Automated Testing into DevOpsTechWell
 
Mastering Cross-Browser Test Automation With Cypress and Selenium
Mastering Cross-Browser Test Automation With Cypress and SeleniumMastering Cross-Browser Test Automation With Cypress and Selenium
Mastering Cross-Browser Test Automation With Cypress and SeleniumPerfecto by Perforce
 
Using DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudUsing DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudTechWell
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresSBWebinars
 
Accelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationAccelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationPerfecto by Perforce
 
Verivo and Forrester Mobile Strategies
Verivo and Forrester Mobile StrategiesVerivo and Forrester Mobile Strategies
Verivo and Forrester Mobile StrategiesVerivoSoftware
 
How AI and ML Can Accelerate and Optimize Software Development and Testing
How AI and ML Can Accelerate and Optimize Software Development and TestingHow AI and ML Can Accelerate and Optimize Software Development and Testing
How AI and ML Can Accelerate and Optimize Software Development and TestingAggregage
 

Ähnlich wie Deliver Flawless Mobile Apps Faster with CI/CD & CT (20)

Best Practices for Shifting Left Performance and Accessibility Testing
Best Practices for Shifting Left Performance and Accessibility TestingBest Practices for Shifting Left Performance and Accessibility Testing
Best Practices for Shifting Left Performance and Accessibility Testing
 
Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...
Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...
Enhancing your Test automation Scenario Coverage Using Selenium by Eran Kinsb...
 
How to Scale Digital App Testing With Jenkins & Automation You Can Trust
How to Scale Digital App Testing With Jenkins & Automation You Can TrustHow to Scale Digital App Testing With Jenkins & Automation You Can Trust
How to Scale Digital App Testing With Jenkins & Automation You Can Trust
 
Fast Data, Fast Delivery: How Smart Analysis Accelerates App Testing
Fast Data, Fast Delivery: How Smart Analysis Accelerates App TestingFast Data, Fast Delivery: How Smart Analysis Accelerates App Testing
Fast Data, Fast Delivery: How Smart Analysis Accelerates App Testing
 
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
 
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
apidays LIVE New York 2021 - API Automation For DevOps at Scale by Rod Cope, ...
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
 
5 Mobile App Trends & What They Mean for Dev & Testing
5 Mobile App Trends & What They Mean for Dev & Testing5 Mobile App Trends & What They Mean for Dev & Testing
5 Mobile App Trends & What They Mean for Dev & Testing
 
Keeping Your Continuous Test Automation Continuously Valuable
Keeping Your Continuous Test Automation Continuously ValuableKeeping Your Continuous Test Automation Continuously Valuable
Keeping Your Continuous Test Automation Continuously Valuable
 
Integrating Automated Testing into DevOps
Integrating Automated Testing into DevOpsIntegrating Automated Testing into DevOps
Integrating Automated Testing into DevOps
 
Mastering Cross-Browser Test Automation With Cypress and Selenium
Mastering Cross-Browser Test Automation With Cypress and SeleniumMastering Cross-Browser Test Automation With Cypress and Selenium
Mastering Cross-Browser Test Automation With Cypress and Selenium
 
Using DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudUsing DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the Cloud
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
 
Accelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test AutomationAccelerating Digital Transformation With API Lifecycle & Test Automation
Accelerating Digital Transformation With API Lifecycle & Test Automation
 
Verivo and Forrester Mobile Strategies
Verivo and Forrester Mobile StrategiesVerivo and Forrester Mobile Strategies
Verivo and Forrester Mobile Strategies
 
How AI and ML Can Accelerate and Optimize Software Development and Testing
How AI and ML Can Accelerate and Optimize Software Development and TestingHow AI and ML Can Accelerate and Optimize Software Development and Testing
How AI and ML Can Accelerate and Optimize Software Development and Testing
 

Mehr von Perfecto by Perforce

Cloud Testing Has Never Been Easier or More Accessible
Cloud Testing Has Never Been Easier or More AccessibleCloud Testing Has Never Been Easier or More Accessible
Cloud Testing Has Never Been Easier or More AccessiblePerfecto by Perforce
 
Cognitive Engineering - Shifting Right with Gated.AI Testing - DevOps Next
Cognitive Engineering - Shifting Right with Gated.AI Testing - DevOps NextCognitive Engineering - Shifting Right with Gated.AI Testing - DevOps Next
Cognitive Engineering - Shifting Right with Gated.AI Testing - DevOps NextPerfecto by Perforce
 
The Rise and Benefits of Robotic Process Automation (RPA) - DevOps Next
The Rise and Benefits of Robotic Process Automation (RPA) - DevOps NextThe Rise and Benefits of Robotic Process Automation (RPA) - DevOps Next
The Rise and Benefits of Robotic Process Automation (RPA) - DevOps NextPerfecto by Perforce
 
The New Categories of Software Defects in the Era of AI and ML - DevOps Next
The New Categories of Software Defects in the Era of AI and ML - DevOps NextThe New Categories of Software Defects in the Era of AI and ML - DevOps Next
The New Categories of Software Defects in the Era of AI and ML - DevOps NextPerfecto by Perforce
 
Moving to Modern DevOps with Fuzzing and ML - DevOps Next
Moving to Modern DevOps with Fuzzing and ML - DevOps NextMoving to Modern DevOps with Fuzzing and ML - DevOps Next
Moving to Modern DevOps with Fuzzing and ML - DevOps NextPerfecto by Perforce
 
Leveraging AI and ML in Test Management Systems - DevOps Next
Leveraging AI and ML in Test Management Systems - DevOps NextLeveraging AI and ML in Test Management Systems - DevOps Next
Leveraging AI and ML in Test Management Systems - DevOps NextPerfecto by Perforce
 
How Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps Next
How Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps NextHow Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps Next
How Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps NextPerfecto by Perforce
 
Classification of Advanced AI and ML Testing Tools - DevOps Next
Classification of Advanced AI and ML Testing Tools - DevOps NextClassification of Advanced AI and ML Testing Tools - DevOps Next
Classification of Advanced AI and ML Testing Tools - DevOps NextPerfecto by Perforce
 
Automated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps NextAutomated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps NextPerfecto by Perforce
 
Advancing the State of The Art in AI and Testing - DevOps Next
Advancing the State of The Art in AI and Testing - DevOps NextAdvancing the State of The Art in AI and Testing - DevOps Next
Advancing the State of The Art in AI and Testing - DevOps NextPerfecto by Perforce
 
How to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best Practices
How to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best PracticesHow to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best Practices
How to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best PracticesPerfecto by Perforce
 
How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...
How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...
How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...Perfecto by Perforce
 
Keeping Your Continuous Test Automation Suites Continuously Valuable in DevOps
Keeping Your Continuous Test Automation Suites Continuously Valuable in DevOpsKeeping Your Continuous Test Automation Suites Continuously Valuable in DevOps
Keeping Your Continuous Test Automation Suites Continuously Valuable in DevOpsPerfecto by Perforce
 
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingThe Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingPerfecto by Perforce
 
Why Mobile and Web Testing MUST Move to the Cloud
Why Mobile and Web Testing MUST Move to the CloudWhy Mobile and Web Testing MUST Move to the Cloud
Why Mobile and Web Testing MUST Move to the CloudPerfecto by Perforce
 
Uncovering the unknowns of appium and beyond
Uncovering the unknowns of appium and beyondUncovering the unknowns of appium and beyond
Uncovering the unknowns of appium and beyondPerfecto by Perforce
 
4 Testing Methods to Scale and Automate Your DevOps Pipeline
4 Testing Methods to Scale and Automate Your DevOps Pipeline4 Testing Methods to Scale and Automate Your DevOps Pipeline
4 Testing Methods to Scale and Automate Your DevOps PipelinePerfecto by Perforce
 
How to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test AutomationHow to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test AutomationPerfecto by Perforce
 
Everything You Need to Know About Testing i os 13
Everything You Need to Know About Testing i os 13Everything You Need to Know About Testing i os 13
Everything You Need to Know About Testing i os 13Perfecto by Perforce
 

Mehr von Perfecto by Perforce (19)

Cloud Testing Has Never Been Easier or More Accessible
Cloud Testing Has Never Been Easier or More AccessibleCloud Testing Has Never Been Easier or More Accessible
Cloud Testing Has Never Been Easier or More Accessible
 
Cognitive Engineering - Shifting Right with Gated.AI Testing - DevOps Next
Cognitive Engineering - Shifting Right with Gated.AI Testing - DevOps NextCognitive Engineering - Shifting Right with Gated.AI Testing - DevOps Next
Cognitive Engineering - Shifting Right with Gated.AI Testing - DevOps Next
 
The Rise and Benefits of Robotic Process Automation (RPA) - DevOps Next
The Rise and Benefits of Robotic Process Automation (RPA) - DevOps NextThe Rise and Benefits of Robotic Process Automation (RPA) - DevOps Next
The Rise and Benefits of Robotic Process Automation (RPA) - DevOps Next
 
The New Categories of Software Defects in the Era of AI and ML - DevOps Next
The New Categories of Software Defects in the Era of AI and ML - DevOps NextThe New Categories of Software Defects in the Era of AI and ML - DevOps Next
The New Categories of Software Defects in the Era of AI and ML - DevOps Next
 
Moving to Modern DevOps with Fuzzing and ML - DevOps Next
Moving to Modern DevOps with Fuzzing and ML - DevOps NextMoving to Modern DevOps with Fuzzing and ML - DevOps Next
Moving to Modern DevOps with Fuzzing and ML - DevOps Next
 
Leveraging AI and ML in Test Management Systems - DevOps Next
Leveraging AI and ML in Test Management Systems - DevOps NextLeveraging AI and ML in Test Management Systems - DevOps Next
Leveraging AI and ML in Test Management Systems - DevOps Next
 
How Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps Next
How Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps NextHow Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps Next
How Does AIOps Benefit DevOps Pipeline and Software Quality? - DevOps Next
 
Classification of Advanced AI and ML Testing Tools - DevOps Next
Classification of Advanced AI and ML Testing Tools - DevOps NextClassification of Advanced AI and ML Testing Tools - DevOps Next
Classification of Advanced AI and ML Testing Tools - DevOps Next
 
Automated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps NextAutomated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps Next
 
Advancing the State of The Art in AI and Testing - DevOps Next
Advancing the State of The Art in AI and Testing - DevOps NextAdvancing the State of The Art in AI and Testing - DevOps Next
Advancing the State of The Art in AI and Testing - DevOps Next
 
How to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best Practices
How to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best PracticesHow to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best Practices
How to Prepare Your Apps for iOS 14 - Test Strategy, Coverage, & Best Practices
 
How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...
How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...
How to Create a Risk Based Testing Strategy With Simulators, Emulators, and R...
 
Keeping Your Continuous Test Automation Suites Continuously Valuable in DevOps
Keeping Your Continuous Test Automation Suites Continuously Valuable in DevOpsKeeping Your Continuous Test Automation Suites Continuously Valuable in DevOps
Keeping Your Continuous Test Automation Suites Continuously Valuable in DevOps
 
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingThe Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
 
Why Mobile and Web Testing MUST Move to the Cloud
Why Mobile and Web Testing MUST Move to the CloudWhy Mobile and Web Testing MUST Move to the Cloud
Why Mobile and Web Testing MUST Move to the Cloud
 
Uncovering the unknowns of appium and beyond
Uncovering the unknowns of appium and beyondUncovering the unknowns of appium and beyond
Uncovering the unknowns of appium and beyond
 
4 Testing Methods to Scale and Automate Your DevOps Pipeline
4 Testing Methods to Scale and Automate Your DevOps Pipeline4 Testing Methods to Scale and Automate Your DevOps Pipeline
4 Testing Methods to Scale and Automate Your DevOps Pipeline
 
How to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test AutomationHow to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test Automation
 
Everything You Need to Know About Testing i os 13
Everything You Need to Know About Testing i os 13Everything You Need to Know About Testing i os 13
Everything You Need to Know About Testing i os 13
 

Último

Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingFrancesco Corti
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 

Último (20)

Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is going
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 

Deliver Flawless Mobile Apps Faster with CI/CD & CT

  • 1. Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Deliver Flawless Mobile Apps Faster With CI/CD & CT
  • 2. 2 | Advanced Codeless Testing for Web Apps Today’s Speakers: Eran Kinsbruner • Chief Evangelist and author at Perfecto • Blogger and speaker • 19+ years in development & testing • Author of “The Digital Quality Handbook” and “Continuous Testing for DevOps Professionals” • @ek121268 Brian Reed • Chief Mobility Officer at NowSecure • Leading the Mobile DevSecOps Charge at NowSecure • Helping Fortune 2000 and Gov agencies deliver high quality and secure mobile apps faster • Advisor, Speaker, & Writer • @reed_on_the_run
  • 3. perfecto.io & NowSecure.com3 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Today’s Agenda 1 2 The CI/CT/CD trifecta & DevOps How to fit automated security and functional testing inside the DevOps process https://www.perfecto.io/resources/state-test-automation 3 Common pitfalls in mobile app security and how to overcome them 5 Q&A 4 Fundamentals of continuous testing (CT) strategy for CI/CD/CT pipelines
  • 4. perfecto.io & NowSecure.com4 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Mobile Apps Drive Global Economy
  • 5. perfecto.io & NowSecure.com5 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc The Mobile App Conundrum 100% of mobile devs want to build great apps. 100% of mobile companies want happy customers. 85% of mobile apps have security bugs. 70% of mobile apps leak personal data and violate GDPR/CCPA. 9% of organizations automate over 75% of their test cases. 14% of organizations can release software daily.
  • 6. perfecto.io & NowSecure.com6 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc OPTIMIZED DELIVERY PIPELINE Innovation Throughput Quality of Output Time Cost Today — DevOps Process Probably Looks Like This Process Impact Organizational Impact 2-3 WEEKS 1-3 WEEKS ❌ Unstable ❌ Labor-intensive ❌ Cluttered ❌ Slow • Manual testing. • Unreliable and flaky executions. • Long time to analyze results and fix issues. • Slows time to release. • Increases risk and reduces flexibility during the cycle. • Reduces innovation time versus bug fixes time. • QA and security often not part of the daily cycle. • Testing holds back innovation. ”End of Cycle” Testing
  • 7. perfecto.io & NowSecure.com7 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Continuous Integration — Ability to merge all developer code and automatically build apps throughout the day. Introduction to CI/CD Dev Functional Test Acceptance Test Security Test Deploy Continuous Deployment — Ability to automatically deploy new app functionality throughout the day. Build Continuous Integration Continuous Delivery
  • 8. perfecto.io & NowSecure.com8 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc What Is Continuous Testing? Continuous testing is the process of executing automated high-value tests as a part of the software delivery pipeline in order to obtain feedback on business risks associated with a software release upon every code change.
  • 9. perfecto.io & NowSecure.com9 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc CT Enables Efficient CI/CD Source: Dan Ashby
  • 10. perfecto.io & NowSecure.com10 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Source: DORA Report Key Benefits of a Mature DevOps Program
  • 11. perfecto.io & NowSecure.com11 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Leverage Test Automation to Optimize the Pipeline vs OPTIMIZED PIPELINE Innovation Throughout Quality of Output Time Cost
  • 12. perfecto.io & NowSecure.com12 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Contributing Factors: Common Challenges in Test Automation Automation Skillset Merging Tests Into Pipeline Escaped Defects Due to Noise Advanced Automation Scenarios Challenge to Setup Test Environment Designed for Testability Time Spent to Analyze Reports Testing Is Done Separately Test Maintenance & Digital Platforms Coverage Lack of Time to Automate It all boils down to people, processes, and/or technology.
  • 13. How to Fit Automated Functional and Security Testing into Mobile DevOps Pipeline
  • 14. perfecto.io & NowSecure.com14 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc T H E D E V O P S M A N I F E S T O  Continuous testing over testing at the end.  Embracing all testing activities over only automated functional testing.  Testing what gives value over testing everything.  Testing across the team over testing in siloed testing departments.  Product coverage over code coverage. The Agile Testing Manifesto
  • 15. perfecto.io & NowSecure.com15 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Working Together D E V Q A S E C
  • 16. perfecto.io & NowSecure.com16 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc The Software Delivery Lifecycle Commit Code Build Binary Deploy Staging Test Binary Requirements & Design Common Goals • Build high-quality software. • Bring together security, QA, & dev. • Improve test coverage. • Build testing into the pipeline. • Enable faster release cycles with scalability. • Improve productivity and efficiency.
  • 17. perfecto.io & NowSecure.com17 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc The Software Delivery Lifecycle — Functional Testing High Mobile Quality & UX Requires • Balance between real and virtual device testing. • Testing against real user conditions. • Leveraging a cloud-based solution to continuously maintain your lab. • Automation of the key business transactions. • Fast feedback driven by smart reporting and analysis. Commit Code Build Binary Deploy Staging Test Binary Requirements & Design Real Device Cloud-Based Testing and Actionable Feedback Unit & Smoke Testing on Virtual/Real Platforms
  • 18. perfecto.io & NowSecure.com18 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc The Software Delivery Lifecycle — Security Testing Security Testing • Tests in dev, build and prod. • Leverages automation and direct toolchain integrations. • Binary testing provides most complete code and risk coverage. • Tune testing frequency and depth to mobile app risk level. • Dev remediation instructions for speed. • High accuracy for low false positives. Commit Code Build Binary Deploy Test Binary Requirements & Design Auto Monitor in Production Staging SCA Repo Security Scans Auto Security Tests Every Build Auto Generates Issue Tickets Static Source Security Scans
  • 19. Common Pitfalls in Mobile App Security & How to Overcome Them
  • 20. perfecto.io & NowSecure.com20 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Mobile App Security Risks Are Real & Pervasive
  • 21. perfecto.io & NowSecure.com21 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc OWASP Mobile Top 10 — Areas Of Common Failure M1 - Improper Platform Usage Misuse of features like Touch ID, permissions, keychain. 4% Fail M2 - Insecure Data Storage Data leakage, client-side injection, weak server-side controls. 50% Fail M3 - Insecure Communication Poor handshake, SSL/TLS/cert issues, transfer in clear text. 48% Fail M4 - Insecure Authentication Improper identity management, weak session management. 5% Fail M5 - Insufficient Cryptography Lack of crypto, improper crypto use. 8% Fail M6 - Insecure Authorization Improper local authentication, forced browsing. 2% Fail M7 - Client Code Quality Code mistakes e.g. buffer overflows, format string vulns. 32% Fail M8 - Code Tampering Binary patching, method hooking/swizzling, memory mods. 11% Fail M9 - Reverse Engineering Exposure to attacker reversing tools. 32% Fail M10 - Extraneous Functionality Dev/QA inadvertent disabling security, hidden backdoors. 47% Fail
  • 22. perfecto.io & NowSecure.com22 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Inside the Mobile Attack Surface Code Functionality Data at Rest Data in Motion Data Center & App Backend • GPS spoofing • Buffer overflow • allowBackup Flag • allowDebug Flag • Code obfuscation • Configuration manipulation • Escalated privileges • URL schemes • GPS leaking • Integrity/tampering/repacking • Side channel attacks • App signing key unprotected • JSON-RPC • Automatic reference counting • Dynamic runtime injection • Unintended permissions • UI overlay/pin stealing • Intent hijacking • Zip directory traversal • Clipboard data • World readable files • Data caching • Data stored in application directory • Decryption of keychain • Data stored in log files • Data cached in memory/RAM • Data stored in SD card • OS data caching • Passwords & data accessible • No/weak encryption • TEE/Secure enclave processor • Side channel leak • SQLite database • Emulator variance • Wi-Fi (no/weak encryption) • Rogue access point • Packet sniffing • Man-in-the-middle • Session hijacking • DNS poisoning • TLS Downgrade • Fake TLS certificate • Improper TLS validation • HTTP Proxies • VPNs • Weak/no local authentication • App transport security • Transmitted to insecure server • Zip files in transit • Cookie “httpOnly” flag • Cookie “secure” flag • Android rooting/iOS jailbreak • User-initiated code • Confused deputy attack • Media/file format parsers • Insecure 3rd party libraries • World writable files • World writable executables WEB + SAST VENDORS APPS FRAMEWORKS NATIVE LIBRARIES KERNEL HAL HARDWARE TEST APP API Backends Network & Cloud Services
  • 23. perfecto.io & NowSecure.com23 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Data Center & App Backend Network & Cloud Services NowSecure Mobile AppSec Testing Checklist APPS FRAMEWORKS NATIVE LIBRARIES KERNEL HAL HARDWARE TEST APP ✓ Man in the middle: cert validation ✓ Man in the middle: hostname veri. ✓ Man in the middle: HTTP connections ✓ SSL downgrade ✓ Unprotected TLS traffic ✓ Cookie flags ✓ Certificate validity ✓ … ✓ App files and log files ✓ Keychain ✓ SD Card ✓ World writable files ✓ World readable files ✓ RAM ✓ Unencrypted credential storage ✓ SQLite databases ✓ Secure enclave processor ✓ … ✓ Development flags ✓ Automatic reference counting ✓ Stack smashing ✓ Bad authentication/authorization ✓ Root access ✓ Path traversal ✓ SQL injection ✓ Vulnerable third party libraries ✓ Heartbleed ✓ Bad cryptography ✓ App transport security ✓ Obfuscation ✓ … Code Functionality Data in MotionData at Rest Automated Mobile App Security Testing on Real Devices Analyzes the binary post-compilation to discover vulnerabilities including those in third-party libraries. Static Testing [SAST] Inspects the binary at runtime collecting telemetry from the “inside out” to find vulnerabilities with near zero false positives. Interactive Testing [IAST] Attacks the binary, device, network, and APIs at runtime from the “outside in” to find vulnerabilities with near zero false positives. Dynamic Testing [DAST] TEST APP
  • 24. perfecto.io & nowsecure.com24 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc NowSecure Platform One Portal for Your Mobile App Security & Privacy Testing Needs • Web Interface • Apple App Store • Google Play • CI/CD Plugins • Enterprise App Store • MDM/EMM Integration • Restful API • Interactive Binary Analysis • Dynamic Binary Analysis • Static Binary Analysis • CVSS Security Score • Compliance Checks • Findings Descriptions • Remediation Instructions 1 NowSecure Automated Analysis Engine Device Pool Upload/Download Binary Fully Automated Testing • Web Interface • Report PDF • Restful API & JSON • Issue Tracking Tools • Vulnerability Management Dashboards 3 Flexible Output Options 2
  • 25. perfecto.io & NowSecure.com25 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Commit Code Build Binary Deploy Staging Test Binary NowSecure Powers Your Secure Toolchain Requirements & Design Auto Test Every Build Auto Generate Issue Tickets
  • 26. The Path Towards Continuous Testing
  • 27. perfecto.io & NowSecure.com27 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc 1 2 3 4 5 Stable automation Daily cycle Increase coverage Reach 95% Continuous testing W H A T Y O U ’ L L G E T W H A T Y O U ’ L L N E E D • 99.9% availability lab • Evidence collection • Process integration • CI • Defect tracking • Vuln tracking • Execution control • Dashboarding • Create scripts • Maintain scripts • Understand what’s wrong • Skillset matched tool • False negative detection in reports • Accurate findings for low False positives • Threat-modelling to tune testing to risk • Test on real devices • Run tests daily • Run tests on each build • Get results in minutes • Fast feedback loops • Valuable coverage • Meaningful daily feedback • Advance validations • Visual automation • Basic orchestration • Up-to-date lab • Scaled lab • Analysis grouping • Role-based routing • Automate all that possible & reasonable • Advanced orchestration • Elasticity • Sharding • Environment control • Scaled reporting • Nightly  Continuously • Cloud execution • Very high scale D E V O P S F R I E N D L Y Z O N E The Path to Continuous Testing
  • 28. perfecto.io & NowSecure.com28 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Source: John Ferguson Smart Continuous Testing, Feedback, Visibility, and Business Value — A Full Team Objective. How and When Does Security Fit?
  • 29. perfecto.io & NowSecure.com29 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Pipeline Example: What Good Looks Like Relevant Unit Testing High-Value Smoke Testing: Functional, API, Integration, Component and Security Testing Regression on Real Devices: Mixed Functional, Non-Functional, Performance and Security Testing
  • 30. perfecto.io & NowSecure.com30 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Perfecto Continuous Testing Platform Cloud-Based Test Environment Smart Automation Test Creation & Execution Authoring Debugging Validations Maintenance Orchestration Scheduling Test Environment Control Self-Healing Elastic Artifacts Collection Browsers & Desktop Mobile Devices Mobile Simulators / Emulators Smart Reporting & Analytics Smart Analytics Heatmaps Root Cause Analysis Cross-Platform Analysis Continuous Integration Analysis
  • 31. perfecto.io & NowSecure.com31 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc Perfecto’s Smart Continuous Testing Solution Smart Execution Fast and parallel test execution with multi-team orchestration abilities and management. Smart Analytics "Single pane of glass" provides visibility and scales to support millions of test results. Smart Creation Automation creation that matches your team’s skillset (Appium, Espresso, XCUITest, Quantum BDD). Smart Lab Always on and stable. Always up to date. Supports all mobile OS and platforms. The Perfecto human factor increases your chances to succeed. v Black Belt Testing Experts Training Dedicated Success Manager 24/7 VIP Support
  • 32. perfecto.io & NowSecure.com32 | Perfecto by Perforce © 2020 Perforce Software, Inc. and NowSecure, Inc The 4 Key Pillars of Continuous Testing in DevOps Automation for effective use of Time, Tools, & Resources This is where value is being realized, quality is improved Unified Functionality + Security Approach serves DevOps with greater effectiveness. Automated test analysis • Fast feedback • Root cause analysis • Risk based coverage Test creation and maintenance • Authoring tool • Validations • Accuracy • Coverage