Much enterprise software application testing focuses on the security of code. But testing new code for functionality, performance and integration with existing code remains crucial.

The emphasis on factory-style output of new code has increased risk, regardless of whether risk is on the security or the functionality side, said Mav Turner, the chief product and strategy officer at Tricentis.

The emphasis on delivery speed has shifted. “We need to move fast, but we have to do that in a way that doesn’t expose our customers, our business, our citizens, to risk,” Turner said. Dealing with risk in turn requires what Turner called “the balance between functionality and security.

“You could have [an application] completely shut off, an isolated system at the bottom of some bunker, and nobody could use it,” Turner said. “And how valuable and functional is that?”

Optimizing enterprise software systems requires a continuous approach over the lifecycle of code from inception to future updates, Turner said.

In a comprehensive approach, tech teams ask themselves, “How do we ensure we have the right security tooling in our pipeline? How do we ensure we have the right functional testing in our pipeline?” he said.

While agencies sometimes develop new applications from scratch, a great deal of improvement and modernization involves blending new functionality with existing. Often, the existing applications were developed years earlier using different languages.

Either way, “That’s where the challenges come,” Turner said. “When you talk about modernization, it’s not just turning on this new shiny app, it’s making it work with everything else that’s in the in the environment.” Among the challenges: Older applications lacking what he called a clean access application programming interface (API) layer that isolates applications from databases.

“You really don’t want these direct database calls, or you don’t want to munge the front end and the back end into one application,” Turner said. He added, “Hopefully you have mature, role-based access control implemented, and you have very clear APIs documented. But typically, that’s the big hurdle to modernization – understanding what’s in your environment today.”

Holistic view

Turner advocates taking a step back and thinking about the mission.

This may sound obvious, but I think it’s super critical,” he said “What problem are you trying to solve?”

That means thinking about code from the user standpoint.

“You have to understand your user,” Turner said. “You should understand what problems they trying to solve with this application. And then from there, map out what data they’re going to need, what systems they’ll need to access. That’s critical.”

He cautioned about use of low-coding or no-coding platforms, or ERP systems because it’s hard to ensure end users who are utilizing these tools are producing quality code. Should the organization use this type of tool, Turner said it requires “intentionality on the design side.” It’s important to “ensure that when you’re rolling these kinds of building blocks out to your customers, that you test all those permutations; and no matter how they’re put together, you can ensure there’s quality.”

Turner said that’s the approach Tricentis takes with its testing product.

“Our concept is continuous enterprise quality,” he said, “ensuring that all of these different systems, as they connect to each other, we can ensure that they are working.” That uses what he called a model-driven approach in which the agency creates a model of how the business application is supposed to operate model-based.

“Then we abstract the model from the technology layer,” Turner said. “This is a key strategy that really accelerates modernization.”

When developing “greenfield” applications, or starting from scratch, the agency must still ensure that an application will work once deployed in the infrastructure, and that it will accommodate the anticipated numbers of users and workloads.

“That performance testing and performance engineering mindset is something we see a lot of teams struggle with when they’re building applications,” Turner said.

Still another situation requiring comprehensive testing, Turner said, is use of software-as-a-service (SaaS) enterprise applications such as for enterprise resource planning, finance or human resources. Typically, SaaS vendors push patches or updates automatically as part of the service. These changes vary widely in size.

“That is very valuable, but it does add complexity,” Turner said. “We see a lot of teams and businesses and agencies struggle with keeping up to date, because they no longer control that update window.”

When the IT team controlled updates, it had the luxury of manually testing dependencies ahead of time to ensure that once an update when live, it wouldn’t break anything.

“We can’t do that anymore,” Turner said, “because all of these SaaS providers are updating on their own schedule, and we have to make sure the services don’t break.”

The alternative, Turner said, is continuous, automated testing. He said the most mature organizations “are able to look at specifically what code changes – in applications that they’ve built – that have dependencies with these third-party applications.” In other words, testing for how an update may affect dependencies itself depends on visibility into the code.

“Having quality intelligence into what code has changed, and making sure that code can’t get to production without ensuring that there’s proper test coverage” will help ensure continuity of operations, Turner said.

Armed with visibility and the right test tools, “they’ll build out their automated test, and they’ll be really happy with results.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.