Agile Development Testing
Flexible testing to provide cybersecurity assurances throughout the development lifecycle
What is agile development testing?
Traditional penetration testing typically takes place at the end of the development lifecycle, prior to go-live, ensuring that no major security flaws are present. This approach certainly has its place, and we would always recommend testing whole applications and systems annually.
However, in today’s fast-moving DevOps world, this approach should be complemented with flexible, less time-consuming and more ad-hoc testing. Testing that fits with the agile development methodology.
In these cases, clients don’t want a full penetration test of their entire application. Rather, they want to spend a short amount of time looking at a particular update, or a new feature of the application, delivering findings quickly via a ticketing system, or even over a Slack channel.
Our agile development penetration testing service has been designed to meet these flexible needs.
Flexible to your requirements
Once a set number of days has been agreed upon, our experienced security consultants will be placed on standby, ready to respond quickly to your testing requirements.
Focus on specific features/functionality
Our agile testing allows you to concentrate your efforts on new features being released or functionality that has not been tested previously.
Value throughout the development lifecycle
Agile testing can be deployed throughout the development process, helping catch issues early and prevent potential security headaches further down the line.
Provide security assurances
Our testing is here to provide you, and your stakeholders, with the assurances you require. Assurances that the development areas under review are as secure as possible.
What we review
How we approach agile testing
Our agile testing methodology will be tailored to each engagement and will be based on your requirements. Whilst every engagement is different, examples of what we review include:
Security configuration & authentication
Application functionality, technology & data flow
Susceptibility to Cross-Site Scripting (XSS), SQL & other injection attacks
Data transfer security, password and sensitive data storage
Logic flaws such as access control & broken authorisation
Testing against OWASP Top 10 vulnerabilities
Not sure what type of testing you need?
Our team will be happy to discuss your individual requirements and provide a no-obligation proposal based on your needs.
Our approach
The security confidence we provide doesn’t come from a one-size-fits-all solution.
Every web application penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:
1. Client Focused Scoping
We work closely with you to fully understand your organisation, your development processes, the application/s in question and your desired outcomes.
2. Proposal
A proposal will be drawn up outlining the number of consultancy days needed to meet your requirements, as well as detailing any prerequisites.
3. Expert Testing
When testing is required, we will agree the number of testing days to be allocated and our expert consultants will perform testing as soon as possible.
4. Reporting
We will report security issues immediately. This will be in a format that suits your development team, be it over chat, via ticketing (e.g. JIRA), email or otherwise.
5. Call Off
Our team will continue to be available for testing requirements until the overall consultancy days agreed upon have been fully utilised.
6. Post-test Support
Your test consultants will be made available after testing to explain their findings, pass on their expertise and provide support to your development team.
Like the sound of our approach?
You can find out more about our test process and why it sets us apart.
Contact us
Want to find out more about our agile development testing service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.