Agile development testing

Flexible testing to provide security assurances throughout the development lifecycle

What is agile development testing?

Traditional penetration testing typically takes place at the end of the development lifecycle, prior to go-live, ensuring that no major security flaws are present. This approach certainly has its place, and we would always recommend testing whole applications and systems annually.

However, in today’s fast-moving DevOps world, this approach should be complemented with flexible, less time-consuming and more ad-hoc testing that fits with the agile development methodology.

In these cases, clients don’t want a full penetration test of their entire application. Rather, they want to spend a short amount of time looking at a particular update, or a new feature of the application, with findings delivered quickly via a ticketing system, or even over a Slack channel.

Our agile development penetration testing service has been designed to meet these flexible needs.

Flexible to your requirements

Once a set number of days has been agreed upon, our experienced security consultants will be placed on standby, ready to respond quickly to your testing requirements.

Focus on specific features/functionality

Our agile testing allows you to concentrate your efforts on new features being released or functionality that has not been tested previously.

Value throughout the development lifecycle

Agile testing can be deployed throughout the development process, helping catch issues early and prevent potential security headaches further down the line.

Provide security assurances

Our testing is here to provide you, and your stakeholders, with the assurances you require: assurances that the development areas under review are as secure as possible.

Find out more about Pentest

Find out more about Pentest, the support we offer and the reasons clients choose us.

What we review

Our agile testing methodology will be tailored to each engagement and will be based on your requirements. Whilst every engagement is different, examples of what we review include:

Security configuration & authentication

Application functionality, technology & data flow

Susceptibility to Cross-Site Scripting (XSS), SQL & other injection attacks

Data transfer security, password and sensitive data storage

Logic flaws such as access control & broken authorisation

Testing against OWASP Top 10 vulnerabilities

Our agile testing process

Our agile testing methodology is designed to meet your needs and to fit within your development sprints. Our general approach would typically be as follows:

1. Understanding your requirements

Your dedicated Account Manager (AM) will work with you to fully understand your organisation, your development processes, the application/s in question and your desired outcomes.

2. Proposal & prerequisites

A proposal will be drawn up outlining the number of consultancy days needed to meet your testing requirements, as well as detailing any necessary prerequisites before testing begins.

3. Testing

When testing is required, we will agree the number of testing days to be allocated to the individual review and look to perform testing as soon as possible.

4. Reporting

We will report security issues immediately. This will be in a format that suits your development team, be it over chat, via ticketing (e.g. JIRA), email or otherwise.

5. Call off

Our team will continue to be available for testing requirements until the overall consultancy days agreed upon have been fully utilised.

6. Post-test support

Consultants will be available after testing to explain their findings & provide support to your development team.

Why choose Pentest?

Our test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.
