Every few weeks, it seems like there’s another major security breach to the website, gaming system or native app of a big global brand.  And that doesn’t even include the hundreds (thousands?) of hacks into the properties of smaller enterprises, SMBs and startups that consumers may (or may not) hear about.

In fact, a few months ago we wrote about The Top Security Hacks of 2011, and referenced that the attacks on Playstation were estimated to have cost Sony $24 billion dollars– nearly 10x their revenue for the same period.

So here’s the point: Would you rather look back and say your company overshot and used too many systems for security testing?  Or get that nauseaus, sinking feeling in your gut when your CIO wakes you at 2:00am and says the company has spent too little?

That’s why– as the cornerstone of uTest’s showstopping announcement yesterday– we announced the launch of uTest Security Testing that leverages the talents of new and existing white hat security professionals within our crowdsourced community.  Since we now offer the first crowdsourced, real-world security testing in the world…there’s a new kid in town to join the collective effort to protect your company, and customers’, private data.

Moreover, we’ve joined forces with industry leader Veracode to provide seamless access to their complementary, cloud-based application security verification services.  Veracode has scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis.

As a result, companies will have access to a cost-effective, powerful combination of automated (Veracode) and real-world (uTest) testing that mitigates security risks across the entire software development lifecycle.

We’re thrilled, honored and excited to be partnering with Veracode.  And we’re certain that our joint offering– as a complement to organizations’ in-house security testing– will offer tech executives peace-of-mind at a price with infinitely fewer zeroes than $24,000,000,000.

We’ve posted a lot of infographics on the growth of mobile and web v. mobile for developers but never one on how small businesses utilize mobile technology.  Intuit recently published this infographic on Mashable and it nicely illustrates how small businesses can leverage mobile to drive sales.

While I’m disappointed that Boston didn’t make their list for Top 10 markets for “Small Businesses Adopting Mobile” they do include some nice metrics.  I find it interesting that generating new sales only ranked 4^th among reasons SMB’s use mobile.

If you’re interested in a lot more detail we have white papers covering testing mobile and web apps.

Due to size constraints, the infographic has been posted below the fold… Read more…

Microsoft Tag has a great (but huge) infographic on mobile marketing.  I don’t think anyone still questions the potential commerce and social power of mobile devices but this graphic certainly drives the point home.

A few of my favorite bullets:

• There are 4 billion mobile phones in use around the world. (For reference, there are just under 7 billion people in the world)
• Mobile internet usage is expected to surpass desktop internet usage in the next 3 years. (I expect the lines between mobile/desktop and cellular/wifi networks will also blur over the next few years)
• On average, Americans spend 2.7 hours per day socializing on their mobile device. (Ok, maybe this Toyota advertisement is ringing a bit too true here)

If you’re interested in testing mobile apps, check out our whitepaper dedicated to the subject.

Due to size constraints, the infographic has been posted below the fold…

Read more…

Alterian has published a nice infographic of comparing native apps to web apps for mobile phones.  While native apps have some distribution and marketing benefits there have been increasing complaints from developers regarding app store policies. (We covered an app store comparison in April.)

Figuring out which path to take is certainly a popular debate and with companies like Facebook rumored to be developing “Spartan”, an HTML5-based web app the debate certainly won’t fade anytime soon.

uTest has detailed white papers covers testing of both topics;  testing mobile and web apps.

Due to size constraints, the infographic has been posted below the fold…
Read more…

Another month, another stellar guest for our Testing the Limits series. This time, we shoot some questions back-and-forth with testing expert Jim Sivak. Jim has been in the computer technology field for over 35 years, including a recent four-year stint as the Senior QA Manager at McAfee.  His career as a tester began with the Space Shuttle and over the years has encompassed warehouse systems, cyclotrons, radars, operating systems and now security software.  He is a Senior member of the ASQ and is certified as a Software Quality Engineer (CSQE).

In part one of our interview, we get his thoughts on the dangers of ignoring security testing; the false sense of security in mobile apps and devices; the evolution of malware; managing QA expectations; the meaning of SWAG and much more. Be sure to check back tomorrow for Part II.

**************

uTest: We noticed that you recently joined Unidesk after four years at McAfee. First off, what does Unidesk specialize in? And what are you looking forward to most in this new role?

JS: Unidesk is in the Virtual Desktop space. Our product allows companies to utilize virtual desktops that truly have the look, feel and capability of a hardware desktop. Due to our technology, desktop personalizations are easily managed. Virtual Desktops can become the IT department’s best friend in that changes and patches only have to be rolled out to one system, which then gets replicated automatically to every associated desktop.

Because Unidesk is a startup, I have the opportunity to really define the QA processes and goals, determining both the tactical and strategic visions. Being able to drive this work, using new techniques and past experience is really what brings me to my desk every day.

uTest: Your time at McAfee must have given you great insight into the web’s dark underbelly (i.e. security threats). Looking back over the last few years, what’s surprised you the most about the way businesses and consumers deal with security measures?

JS: Great question, Mike. The biggest surprise is the whole ostrich “head in the sand” attitude that exists. The tools and techniques are there, the information is readily available, but security still takes a lower priority until an incident happens.  Just look at the breaches that appear on an almost daily basis.  In the home, how many emails do people open and respond to that say ‘you have a credit card application ready for you”?

uTest: It seems safe to assume that users are more aware of threats on the web, as opposed to mobile? In your view, how does the explosion of mobile apps, social media and third-party integrations affect security?

JS: It is the sheer volume of opportunity for security lapses and breaches with these new avenues that is really frightening.  Just look at the incidents that have happened because someone sent a malicious link to their networked friends unbeknownst to them. Or applications that contain malware that just get downloaded and incorporated on these devices. People just assume that their phone is secure or that their tablet is unhackable. Again, software providers need to take security seriously and not wait until a major incident happens. It all comes down to the fact the users are human and we take a lot for granted.

uTest: Which evolves faster: security threats (viruses, malware, etc.) or the technology used to combat them? Why is this the case and what are the implications for end-users going forward?

JS: Unfortunately, I think that malware is winning.  Although there is research in trying to get ahead of the bad guys, most technology is reactive—the threat exists first and a solution/detection comes after.

uTest: This might seem like a job interview question, but what were some of the biggest testing challenges you faced at McAfee and how were you able to overcome them?

Read more…

Over the past week, there’s been some hub bub over comments made by Motorola’s CEO Sanjay Jha.  According to IDG News Service, Jha “blamed the open Android app store for performance issues on some phones,” based on his statement: “Of all the Motorola Android devices that are returned, 70 percent come back because applications affect performance.”

Even though Motorola formally stated today (see MoCoNews article) that Jha’s comments were essentially misconstrued and didn’t accurately reflect his intentions, the issue has remained a lightning rod for debate.

But for those of us in the software testing community, there’s a truly, positive message embedded in this issue:  Motorola was validating the critical importance of QA testing in the app development process.  

After all, consider Jha’s statement that, “one of the good and problematic things about Android is that it’s very very open. So anyone can put applications, third-party apps, on the market without any testing process….For power consumption, CPU utilization, some of those things, those applications are not tested. We’re beginning to understand the impact that has.”

For professional software testers, that confirms how important our work is, and actually suggests that the scope of mobile testing should be expanded.

Essentially, Jha wasn’t really referring to functional testing.  Or testing exclusively in the “clean and ideal” conditions of a lab environment.  Instead, he was describing the need for usability testing in the real-world to subjectively examine how apps and devices perform in live conditions and affect the user experience.  For instance, did the app run sluggishly?   Did it seriously tax the battery life?  These are vital questions, particularly for apps heavy on audio and video. 

At the end of the day, consumers are unlikely to differentiate whether their frustration over poor performance is caused by the smartphone or the app…or the interaction of both.  They just want to have a great experience with their new mobile “toy” or get their work done. 

Because if there isn’t enough testing on every device that the app is developed for, then (as Jha said) the smartphone gets returned and everyone– including the app publisher–loses out.

Robert Scoble just published his list of “Must Have iPhone Apps” on Quora. It’s well over 100-apps long but it’s pretty exciting to see so many uTest customers listed (dare I say that it reads like a “Who’s Who of uTest Customers”?)

It’s pretty extensive but we know there are more “Must Have Apps” out there – for me it’s…

• Nike+ GPS – best run tracking app yet with a lot of social interaction (i.e. play “tag” against friends, get live cheering from Facebook friends). Plus it’s compatible with DailyMile.com which is my go-to exercise tracker.
• TWC (The Weather Channel) – It’s the best weather app I’ve seen yet.
• Weber’s On The Grill – its summer.  How can you not have this downloaded?
• ESPN’s FFL app – With the pending lockout this might be pretty pointless come fall but I’m optimistic that I’ll have a chance to take some friends money.
• HBO Go – Free access to all HBO content for existing HBO customers means I watched all Entourage episodes in a couple weeks on the iPad. Curb Your Enthusiasm is next.

Scoble’s list after the jump. You know you want to see it….

Read more…

Google’s off to a pretty intense start in 2011 – from a change in CEO to launching new products that compete directly with some of the biggest tech companies including Microsoft, Amazon and of course, Apple.

It’s no secret that web and mobile apps represent a lot of money to businesses and app markets are in a race to keep up. Google is using this as an opportunity to greatly expand their presence — and the early returns are impressive. In fact, the Android app market is growing 3x faster than Apple’s iOS market (although, as its marketshare grows, it become a more attractive target to black hat malware apps).

Google isn’t stopping there, though. They’ve recently launched their Shopper app on iOS – an alternative to Amazon’s really nice native apps – and the “One Pass” a publisher subscription alternative to Apple.

Read more…

In part II of our interview with SOASTA’s Dan Bartow, we get his thoughts on why load testing often gets neglected; advice for test tool selection; the challenge of load testing for mobile apps; SOASTA’s plans for 2011; fights between flying sharks vs. flying crocodiles and more. If you missed our previous segment, you can read Part I here. Enjoy!

uTest: True or false: Load and performance testing is often one of the most neglected phases of software quality. Please explain why this is (or is not) the case.

DB: True!  The time allotted for QA in the software development lifecycle has always been the first thing to get squeezed when a project gets behind.  Traditional software methodologies such as Waterfall essentially go from requirements to development and ultimately QA at the tail end.  When the project development activities get behind then the only thing left to cut from and still deliver a product on time is the QA cycle.  Performance still isn’t a part of many project plans today (this is almost a separate topic in itself), but when it is in the project plan it usually gets a slice of the QA time which is already too short in most cases.

Now we live in an agile development world and while agile functional QA is catching up we still don’t have agile performance testing as an industry standard.  The reason for this is that the dominant product in lab performance testing, HP LoadRunner, requires you to write code for your performance tests that is more complex than the actual web application code you’re testing.  If you have to write your test cases in C and it takes two weeks to write an end-to-end scenario on a finished web app then you have dead weight in your dev lifecycle.  As a result of these weaknesses companies have lost confidence in the value of performance testing their apps.  The way to reinstate this confidence is with a modern testing tool and a modern approach to testing.

uTest: How important is tool selection when it comes to load and performance testing? Are testing failures a result of this or something else, like personnel?

DB: Tool selection is very important for overall success although testing failures can be because of people, processes and/or technology.  You need the right tool for the job and you need the right people to use them in a process that’s set up for success.  Just like QA isn’t a one size fits all shoe neither is performance testing.  Personally though I think most testing failures are a leadership and execution problem and not because of the tools being used or the processes.  Quality comes from the top down.  The companies out there delivering the highest quality offerings are the ones that build quality in from the CEO all the way through the company.  Probably every tester reading this knows what its like to be a QA Engineer at a company that doesn’t seem to actually care about quality.  How ironic!  I said tool selection was very important, but I really don’t even want to focus on that here because tools are just tools.  Before you worry about whether or not you have the right tools time should be spent on making sure you have the right attitudes on your team and the right players.  Once you have a good enough team that is pushing the capabilities of your toolset then I think you’ve got a foundation for success and you can start driving higher.

uTest: How does the expansion of mobile apps and devices impact load testing? Is this a game-changer? Or something current load testing is well suited for?

Read more…

We write a lot about the latest and greatest apps on smartphones, tablets and other devices. But what about enterprise apps? We haven’t taken a look inside the enterprise for signs of a mobile app uptick (support or implementation) in quite sometime. That’s why this study conducted by Kelton Research really struck a chord.

Yesterday, Kelton Research announced the results of their study on mobile enterprise apps, and I think they may shock you. According to Kelton, a whopping 90% of U.S. and UK IT managers surveyed will implement new mobile apps in 2011! 250 IT managers in the U.S. and UK at companies with revenue of $100MM+ were polled.

At first, I thought these stats seemed slightly inflated, but the more research I did, the more surveys I found that indicated that 2011 is indeed the year of the mobile enterprise app. In fact, ABI Research expects worldwide enterprise mobile data revenues to reach $133 billion by 2014.

With new apps for BlackBerry, iPhone, iPad, and Android making deep in-roads in healthcare, finance, education, media, and retail, employees are using mobile apps to access everything from CRM systems, to financial results, to marketing campaigns, to tracking orders, etc.

Another very interesting finding in the Kelton study… Saving money is the most popular reason (63%) for deploying mobile apps (chart above). I agree with Eric Lai of ZDNet who said, “It’s heartening, as it shows that mobilizing appears to be a fiscally sound strategy, not something with a pie-in-the-sky ROI.”

Some other interesting stats from the study include:
Read more…