With more than 7 years of professional experience in the business and IT domains, Laura prides herself on having gained a rounded set of skills and competencies – the blend of IT smarts, teamwork, conceptual thinking, and business acumen is what allows her to successfully solve problems and cut through complexity.
Throughout her career, she purposefully studied the craft of solution testing, as a risk discovery and mitigation enabler.
She is studying methodologies, heuristics, and approaches that allow her to speak persuasively about how companies can manage risk in their solution life-cycles and how frameworks can be designed to meet the growing expectation and appetite for professional approaches to risk management.
Her mission and value-add statement is to design, coordinate and implement a more deliberate and defensible approach to solution testing and technology and business risk management.
Generally speaking, security testing is treated as an add-on to our testing coverage. Here is how it works: if you want to function very well and you want your customers to love you for what you have given them, it becomes very important to care for their software needs. And people hate it when their data is compromised. Yet the so-called fact remains the same. That "fact" says, “No matter what your users want, you still continue only with functional testing and UX testing”, on the assumption that users who do not have a secure experience will still be satisfied with your User eXperience ingredients. This is a sloppy claim and a lie which many people treat as a fact.
Possible reasons why security testing is not given importance?
#1 Product owners/stakeholders are not aware of how security testing can help to safeguard their business in the long run.
#2 Companies are doing great business and they are least bothered to spend on security testing activity.
#3 Testers in testing companies do not have time to learn something else. Really?
#4 To do security testing, passion is required and most of us lack that.
#5 Most or some testers want straightforward training with security/penetration testing tools; they do not want to practice the mindset of it. Mindset is always boring, we humans are impatient, and we want to have a takeaway very soon.
#6 Most or some testers do not like to spend on credible security testing workshops. They always love to receive but do not like to give (and here, what they give for the workshop benefits themselves).
So what’s the solution?
Security testing is not an option, it’s a choice for those who want to build a cleaner and safer web. Those who perform security testing for their web apps, mobile apps, or client-server stand-alone apps contribute to a safer web for the world. Others will continue to make money without caring for the data of users; that’s inevitable. You can do your bit if you like. Having said that, some or most people may face a large loss due to breaches, and also class-action lawsuits, because of sloppy security practices in their organization. For instance, you don’t want to be fined for not being compliant with GDPR (General Data Protection Regulation).
What can we do as testers to create awareness?
No worries if your area of interest is functional testing; you can still learn something about security testing and help your customer understand the importance of it. But it’s tricky, as your customer may go to someone else who can do both functional testing and security testing. But, I personally would make the customer understand even though I cannot test for security. Just as a layman can be made to understand security hassles, you can do the same for a customer.
Why it’s a choice and not an option?
It is simple! You are dealing with sensitive data of your users. How can you consider it as an option? It’s surely a choice that you want to safeguard your users. Don’t you?
There is a strong discrepancy between the amount of information being transmitted and the amount of information our brains have the capacity to process.
I have always been fascinated by the way the human brain works and I also think that being familiar with cognitive science is a key skill of any designer. In the digital world, there is a huge number of websites, apps, articles, and advertisements trying to get our attention.
People are programmed to focus their attention on anything that is different or new.
As you are reading this article, there are numerous sensations, sights, and sounds going on around you: the traffic sounds, other people talking around you, the warmth of the room, or maybe the memory of a conversation you had earlier today.
So, depending on your ability to focus, the brain can induce a specific blindness that makes you miss the changes happening in your visual field.
In one experiment, participants were shown an image that was changed during a brief blank interval in the visual scene. The researchers found that when there is a brief break in the visual scene, people find it more difficult to detect changes. This is called Change Blindness.
Change Blindness is a common phenomenon in the digital world, where visual elements can appear and disappear or change their label almost instantaneously. For example, observers often fail to notice major differences introduced into an image while it flickers off and on again, like a page that refreshes. In many cases, the visual changes seem so big that they seem impossible to miss. Yet when attention is directed elsewhere, people are capable of missing both minor and major changes that take place right in front of them.
Change Blindness is rooted in the human brain’s instinctual ability to filter out unnecessary information and stimuli. Basically, any time a new visual element is introduced to an existing display, it is at risk of being ignored.
Here is a popular example of how Change Blindness works, on the Vans.com mobile website. If a visitor selects a size that is not available, the label of the “Add to Cart” button changes to say “Out of Stock”. This slight, but important, change in the label doesn’t stand out when the rest of the display stays the same.
This is happening because:
One: the user’s attention is focused on the Size and Quantity fields;
Two: the “Out of Stock” label was overlooked because it looked too much like the “Add to Cart” label, and was too far from where the user’s attention was focused.
Although the design is perceived by our senses (vision, touch, hearing), it is immediately processed by our brain. As designers, we have the power to guide the human mind during and even beyond the interaction with the product by using some key steps in our design process:
1. Make your page easy to scan
Remove clutter and make it as easy as possible for your users to achieve their desired outcome, rather than leaving them to hunt for actions or buttons. An important part of the design is making it highly usable for the targeted users and allowing for extra functionality to be discovered as it is needed. This will help you fight change blindness and will help you increase the conversion rate.
2. Minimize visual interruptions
Avoid page refreshes whenever possible. A refresh causes an interruption in the user’s visual perception and leads to an unnecessary shift in their attention.
3. Provide smooth, continuous feedback
Keep the users informed about what is going on within a reasonable time, without leaving them wondering and waiting. You can do this through loading bars, spinners, the active state of a button, scroll flags, feedback sounds, etc. Also, make sure the feedback is delivered in a natural place, where the user expects it, so it can be followed and understood.
4. Use appropriate visual emphasis (such as contrast, size, and padding) for significant new elements to ensure they are noticeable. Use data from multiple sources to get a more accurate picture, combining the insights you gain from your experience and knowledge, your quantitative web analytics, and qualitative sources (like surveys, heat maps, session replays, or usability tests).
5. Rely more on Recognition rather than Recall
Minimize the user’s memory load by making actions, elements, and options visible. Therefore, the users won’t need to remember information from one part of the dialogue to another. Instructions for use of the system should be visible or easily regained.
6. Focus on aesthetic and minimalist design
The fewer elements on the screen, the more potent the remaining ones are. Focus on using only relevant information and avoid any extra detail or element that could be irrelevant and cause an unnecessary shift in the user’s attention.
7. Build products with Consistency and Standards
Make sure that the users won’t have to wonder whether different words, labels, colours, or actions mean the same thing.
8. Prevent errors
Try to either eliminate error-prone conditions or check for them and provide users with a confirmation option before they commit to the action. Even better than good error messages is a product that prevents a problem occurring in the first place. This will help you keep the users focused.
9. Use good contrast
Use tools to measure the contrast you are using. Low color contrast creates legibility problems. The basics of color contrast are easy to understand: a higher contrast between text color and the background color is better for legibility.
10. Mind the Typography and build a visual hierarchy
Typography has a huge effect on the mood and attention of users, and by using the right typography we can improve user engagement.
This is more than selecting fonts. It is the study of how humans read and perceive, how they recognise words, and how the brain processes the information.
So why should anybody care about Change Blindness?
Change blindness is one of the psychological phenomena that affect user perception in this digital universe. As designers, we have the power to control the human mind during and even beyond the interaction with the product, and to bring more value to the digital world by using our knowledge of cognitive science to start improving it.
Change blindness plays an important role in the way users understand and look at websites. It’s important to recognise that people often fail to detect changes to a visual scene, and to understand why users don’t see what you think they should see. Being aware of this cognitive phenomenon and understanding how to avoid it can help you create your strategy in your design process.