Agile development testing
Flexible testing to provide security assurances throughout the development lifecycle
What is agile development testing?
Traditional penetration testing typically takes place at the end of the development lifecycle, prior to go-live, ensuring that no major security flaws are present. This approach certainly has its place, and we would always recommend testing whole applications and systems annually.
However, in today’s fast-moving DevOps world, this approach should be complemented with flexible, less time-consuming and more ad-hoc testing that fits with the agile development methodology.
In these cases, clients don’t want a full penetration test of their entire application. Rather, they want to spend a short amount of time looking at a particular update, or a new feature of the application, delivering findings quickly via a ticketing system, or even over a Slack channel.
Our agile development penetration testing service has been designed to meet these flexible needs.
Flexible to your requirements
Once a set number of days has been agreed upon, our experienced security consultants will be placed on standby, ready to respond quickly to your testing requirements.
Focus on specific features/functionality
Our agile testing allows you to concentrate your efforts on new features being released or functionality that has not been tested previously.
Value throughout the development lifecycle
Agile testing can be deployed throughout the development process, helping catch issues early and prevent potential security headaches further down the line.
Provide security assurances
Our testing is here to provide you, and your stakeholders, with the assurances you require. Assurances that the development areas under review are as secure as possible.
Find out more about Pentest
Find out more about Pentest, the support we offer and the reasons clients choose us.
What we review
Our agile testing methodology will be tailored to each engagement and will be based on your requirements. Whilst every engagement is different, examples of what we review include:
Security configuration & authentication
Application functionality, technology & data flow
Susceptibility to Cross-Site Scripting (XSS), SQL & other injection attacks
Data transfer security, password and sensitive data storage
Logic flaws such as access control & broken authorisation
Testing against OWASP Top 10 vulnerabilities
Our agile testing process
Our agile testing methodology is designed to meet your needs and to fit within your development sprints. Our general approach would typically be as follows:
1. Understanding your requirements
Your dedicated Account Manager (AM) will work with you to fully understand your organisation, your development processes, the application/s in question and your desired outcomes.
2. Proposal & prerequisites
A proposal will be drawn up outlining the number of consultancy days needed to meet your testing requirements, as well as detailing any necessary prerequisites before testing begins.
3. Testing
When testing is required, we will agree the number of testing days to be allocated to the individual review and look to perform testing as soon as possible.
4. Reporting
We will report security issues immediately. This will be in a format that suits your development team, be it over chat, via ticketing (e.g. JIRA), email or otherwise.
5. Call off
Our team will continue to be available for testing requirements until the overall consultancy days agreed upon have been fully utilised.
6. Post-test support
Consultants will be available after testing to explain their findings & provide support to your development team.
Why choose Pentest?
Our test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.
Contact us
Want to find out more about our agile development testing service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.