Many new applications are emerging out in the market on one-side and new security threats emerging on the other side. Earlier, product owners were not serious about their application security and they did not give much importance to security testing, since hackers were few in existence. However, now-a-days a large number of people have started hacking for fun, money and popularity. They either gain access to confidential information or inject malicious code to crash the system. Now, product owners have begun to understand the importance and criticality of application security and they want their products to be secure.

Testing the application’s security manually is possible but becomes a mammoth task. Well, the right tools should help a tester progress with detecting the security threats in the application. That leads us to the question: “What’s the mantra/right tool for detecting your security threats?” Well, the answer lies in the question itself. It’s the ‘MANTRA” browser. Mantra is an excellent browser-based framework for security testing. Continue reading »

Do you estimate Testing effort as X% of Coding effort?

Scene 1:

The customer has provided adequate documentation on the requirements for the software to be developed and now requests for a quote. Pre-sales consultants, with a developer background, spend just enough time in analyzing the requirements and have discussions with the developers/architects/project managers on how much effort it would take for the development (analysis, design, coding, project management) in the specific architecture/technology. They would go through a series of refinements with various stakeholders before it is being projected to the customer. However, when it comes to the point of estimating the testing effort, the oft-heard response is: “Oh! Don’t you worry; it is just x% of the coding effort. That has worked for us…..”

Well, that’s a scene I have witnessed many a times.

Now, let’s cut to Scene 2: Continue reading »