As part of our efforts to be active in the software development and testing community and meetup space, we took part in the 2021 B2B Software Days event during May 10-12, 2021. To bring our readers a little bit of what happened back at the event, we’ve decided to go through the list of questions one of our co-founders, Evelyn Haslinger received while there — as well as our answers to them. Let’s take a look, shall we?
What is the difference between automated and manually testing and how is it connected to security by design?
Absolutely every software change needs to be tested to make sure that existing functionality stays the same, and that new functionality actually works. Otherwise, end-consumers of a software cannot rely on the products. There are multiple problems with manual testing, but the main disadvantage is repetitiveness. Every time something changes in the software or environment, someone needs to check that it still works as expected, again, and again.
On the other hand, when testing software in an automated fashion, test scripts are created once and can then be run without any additional effort, as often as required. The automation step is typically more time-consuming than a single manual test run, but in the long run, test automation always pays off. Not only from an effort perspective, but also through a speed up in development times: long manual test cycles do not allow for fast release cycles and rapid feedback that developers need.
Security by design and software testing are two complementary approaches that have the same goal: ensuring the delivery of secure high quality software. As its name tells us, security by design aims to provide secure systems by already considering security when laying out the fundamental design of a software system. Additionally, the chosen security principles are applied and verified to guide developers in their daily development work. Ideally, software is not only secure by design, but is also testable by design, since both concepts go hand in hand during the design stage of every software system and development process.
Why would one need to invest into testing tools and processes nowadays? Does the issue of testing only count for large companies, or startups as well?
Software development is an inherently complex process that is impossible to get right the first time. One option we have to find bugs and security issues is through very thorough software testing. But there are essentially two problems with thorough testing:
Due to the complexity of software, testing all eventualities becomes infeasible when performed by developers. A tester is only able to reveal the bugs they know about. If you are, for instance, not aware that SQL injections exist, you will not be able to find them.
These two problems are the reason why tools that automate the meager tasks of software testing are essential. Static source code analysis can be used to scan source code for certain types of problems in a fully automated fashion. Tools like Symflower provide high coverage test suites out of the box to find even more problems, and to make sure that the software actually works. Every single automated task makes software development more productive, reliable, and stress-free.
For startups, getting their first MVP (minimum viable product) out is one of the most important goals. Sadly, there exists a misconception that test automation slows down development time, which is clearly not the case. Would you rather check that your product still behaves as expected manually on a daily basis, or automate these steps once? With every feature implemented, it gets harder and harder to test manually, and confirm whether everything works just as it did yesterday. A good automated testing process makes you more productive, regardless of the project or company size.
Is automated testing actually compatible with DevOps philosophy?
We feel like automated testing is actually a prerequisite for a successful DevOps lifecycle. The goal of DevOps is to minimize the time between a committed change request and to get that change into production. With a growing feature set of an application, a lack of automated tests usually results in longer and longer release cycles, which results in the complete opposite of what the DevOps philosophy stands for.
What is your approach to working down technical debt? Any tips?
In our experience, it is very hard to work down technical debt after the fact, and if one’s about to do it, they also need the right tools for the job. Of course, the ideal technical debt to have in any project, early or late, is zero: but we all know that’s not as easy as it sounds. It requires a great deal of discipline from development teams and understanding from management about why, for instance, refactorings are required to keep a code base maintainable.
How does Symflower work with test-driven development?
Symflower helps developers during TDD, so they do not overlook unexpected behavior of their changes. When applying TDD, people first write the tests for a function and then its implementation. Developers usually put the cases into their manually written test suites they have in their minds while implementing their function, i.e. the golden paths (also called happy paths). Typically, there are no tests for all eventualities that a function provides, like a certain combination of inputs that leads to an exception or security issue. This is where Symflower comes in: in addition to the golden path through a function, Symflower computes unit tests for all relevant paths as well as error paths, so you can make sure that changes do exactly what you want them to do.
How is Symflower positioned compared to other vendors of automated testing solutions?
Usually, testing vendors aim to make the tester more efficient in what they do: for instance, by providing a record option for a manual test run to replay it later on, as often as required. This approach still requires human input. With Symflower, we provide a testing solution that requires zero manual intervention at all, as tests are directly deduced on the basis of source code analysis.
For anyone still considering whether or not to invest in testing processes for their product, what is your advice?
There are multiple reasons why developers and businesses should invest more in testing, and in automated testing in particular. For developers, the time and effort saved when it comes to automated testing can be a game changer. From a business perspective, testing is a critical success factor at all times: the right setup brings with it a huge competitive advantage, a better quality product overall, more frequent product updates, and the increased customer satisfaction that comes with it all. Modern software development is simply not feasible without having testing in mind, and we at Symflower aim to help with that through our state-of-the-art automatic unit test generation.
And that is it for the event’s questions. A special round of thanks goes out to 2021 B2B Software Days again, for letting us be a part of this great meetup, and for providing us with the opportunity to meet all the people we did there.
Of course, we realize there might be a lot more things you’d want to ask us — which is why we’re always open for discussion both through our email, and our socials on Twitter , Facebook , and LinkedIn as well. Don’t hesitate to drop us a line!
If you’ve enjoyed this piece of content, don’t forget to subscribe to our newsletter , and stay up to date with everything Symflower.