Generally speaking, security testing is treated as an add-on to our testing coverage. Well, it is like this; if you want to function very well and you want your customers to love you for what you have given them? It becomes very important to care for their software needs. And people hate when their data is compromised. But, the fact remains the same. And that fact says, “No matter what your users want, you still continue only with functional testing and UX testing”, but you forgot that if users do not have secure experience then they shall still be satisfied with your User eXperience ingredients. However, this is a sloppy fact and a lie which many people consider as a fact.

Possible reasons why security testing is not given importance?

#1 Product owners/stakeholders are not aware of how security testing can help to safeguard their business in the long-run.

#2 Companies are doing great business and they are least bothered to spend on security testing activity

#3 Testers in testing companies do not have time to learn something else. Really?

#4 To do security testing, passion is required and most of us lack that.

#5 Most or some testers want straight-forward training with security/penetration testing tools, they do not want to practice the mindset of it. Mindset is always boring, we humans are impatient and we want have take-away very soon.

#6 Most or some testers do not like to spend on credible security testing workshops. They always love to receive but do not like to give (And here giving for the workshop will benefit themselves).

So what’s the solution?

Security testing is not an option, it’s a choice for those who want to build a cleaner and safer web. Those who perform security testing for their web apps or mobile apps or client-server stand-alone apps contribute to the world for the safe web. Others would continue to make money without caring for the data of users, that’s inevitable. You can do your bit if you like to. Having said that, some or most people may face a large loss due to breaches and also class-action lawsuits due to sloppy security practices in their organization. For instance, you don’t want to be fined for not being compliant towards GDPR (General Data Protection Regulation).

What can we do as testers to create awareness?

No worries if your area of interest is functional testing, but you can still learn something about security testing and help your customer understand the importance of it. But, its tricky as your customer may go to someone else who can do both functional testing and security testing. But, I personally would make the customer understand even though I cannot test for security. Like how a layman can be made understood about security hassles, even you can do it for a customer.

Why it’s a choice and not an option?

It is simple! You are dealing with sensitive data of your users. How can you consider it as an option? It’s surely a choice that you want to safeguard your users. Don’t you?


Santhosh Tuppad has played different roles in his life which include being an entrepreneur, liar, lover, boyfriend, husband,  thief, passionate software tester, blogger, reader, trainer, coach, black-hat hacker, white-hat hacker, grey-hat hacker and what not. In this amazing journey of life, he has experienced his salvation. Not to forget that, “Salvation comes at a price” and of course he has paid that price. Before he was known for being merciless, ruthless, unkind, evil etc. And today he is known for kindness, humbleness, and some people call him “Privacy Fighter”.

RTC2018 – seen through the eyes of a student

If you are a professional software tester or a curious tech-savvy who loves taking part in the newest debates related to software testing, automation, artificial intelligence, machine learning, IoT or/and software security, you must have already heard about Romanian Testing Conference (RTC), the largest testing conference in Central-Eastern Europe which is held every year in the heart of Transylvania. This year, the 7th edition of the conference took place between 9th and 11th of May 2018 in Cluj-Napoca, hosting about 670 participants and 31 international speakers from 12 different countries.

The schedule of the conference consists of two full-days of hands-on practical workshops (about 7 to 8hours), with 5 different tracks to choose from and with topics varying from automation testing, security testing, test strategies, continuous delivery approaches or specific frameworks & tools used in each area of software testing, offering participants the opportunity to choose the workshops that best suits their needs and interests. The last day of the conference is composed of various shorter keynote presentations where speakers are encouraged to share glimpses of their experience and knowledge with the audience, the main focus being on approaching subjects related to software testing from a creative or technical stance, offering a very insightful perspective for each topic.

RTC mainly focuses on gathering together the largest community of professionals in this field with the purpose of sharing bits of knowledge, wisdom & best practices according to the latest criteria, raising awareness of how important is to maintain the highest standards when talking about quality and risk in each tech-related field of activity. Also, this event encourages debates on the latest topics of interest regarding software testing, offering a better understanding of the subtle nuances and challenges that a software tester faces each day in this spontaneous and ever-changing craft. One of the most important things that I have learned here these days is that software testing is supposed to be a whole experience, continuously delivering quality through products and services that make the users feel good and safe, enriching their overall experience when interacting with them. The art of testing is not only about finding bugs and validating requirements (as it is sometimes perceived), but is also about exploring, experimenting, investigating, observing and having a critical thinking when approaching the value of a product or service.

I would not go into describing the workshops in a very technical and detailed manner, but I would like to present them briefly by highlighting the most important facts or tips & tricks that I have learned from them. Firstly, I have learned about the importance of setting goals when approaching software testing and always taking risk and value into consideration in order to have a good reason for testing that will prove its worth in the end. As quality is generally defined as “something of value for someone” it is a tester’s job to define it and understand its importance and impact over the whole user experience that would decide the success of a product or service in the last instance. As being a very debated topic recently, automation testing was obviously brought into discussion, with its main focus being on maintainability, highlighting some very important principles to be taken into consideration when coding: readability, correctness and performance with a goal of delivering high- quality and approaching testing from a smart perspective, avoiding overlapping bits of code. Besides those theoretical concepts, there were hand-on tasks and challenges that proved to be very useful for applying those fundamental concepts in practice and further provoke those with a curious mind to learn more and experiment more with them.

The last day or “The Conference Day” was well structured and entertaining too, offering the participants a wide variety of topics and keynotes to choose from. The main ones approached topics as: the importance of cybersecurity and ethical mindset in software testing, VR concepts, automation engineering, required leadership skills in an IT work environment and how to better train your mind in order to perform well in this field. The overall vibe of this day was fantastic, the audience was very interested in the topics debated, the conference rooms were occupied over their seat capacity and the speakers were very well prepared and eager to share their ideas with us, and also being very responsive to feedback and Q&A sessions, offering the audience bits of their day-to-day experiences and challenges as professional software testers. Each of them came up with a different perspective on software testing, using creative or technical approaches, highlighting the most important facts and clarifying all the misconceptions in order to further accelerate the continuous learning process and encourage the testers to bring more value to an organization by developing a new mindset. The discussions continued even after the keynotes, when participants and speakers shared their views and opinions during coffee & snack breaks, engaging in debates over the latest topics.

As expected, hot debates emerged around the role of software testing in an artificial intelligence world with all its challenges and risks, from machine learning basics to machine ethics and a future artificial world based on automated processes. Nevertheless, the keynotes brought up concepts such as metacognition (concept borrowed from psychology) in the field of software testing, as encouraging new ways of learning, enhancing the knowledge gathering and understanding of the entire process of delivering quality at its highest standards. Also, the conference focused on delivering some very useful information about leadership, highlighting the importance of understanding the business and its targets, having integrity as a “coin you cannot afford to spend” and learning through failure how to better succeed at managing a technical team as well as your expectations and time. Being a leader may seem an extremely hard and stressful job, but it can prove to be very self-fulfilling if done right, combining the right soft-skills & technical expertise in order to deliver the best outcome.

Overall, RTC is a very useful experience where you can learn a lot, even if you are a student taking your first steps in this vast technical world or an experienced professional looking for new approaches and ideas to apply in your everyday work. Staying always curious and hungry to discover and learn more about your field of interest is the best way to ensure your way to a successful career. Also, I could not highlight more the importance of networking that comes with these kind of events, enabling you to meet people that share your interests and passions and offering the opportunity to benefit from being part of a loving and supportive community that will help you grow personally and professionally. In the end, I would say that RTC is a wonderful experience that leaves you drained and full of energy at the same time, gives you tons of new ideas and fresh perspectives regarding the software testing field and motivates you to learn and experiment even more with what you have discovered. I encourage every curious-mind passionate about technology and quality to give it a try and take part in the largest testing conference in Central-Eastern Europe the next year. I am sure that you will enjoy it, meet lots of people that you can share your curiosities and ideas with and discover a lot of useful information that will change your overall perspective and understanding about this domain. After being part of RTC once you will certainly be eager to attend the next edition, as I am now.

As a fun fact, this year we succeeded to place the largest group order involving 255 simultaneous users accessing the HipMenu app, 239 users that placed an order and 259 delicious donuts delivered to us, all sorted alphabetically as to make it easier for us to find our donut and recharge with a sweet snack after a long day of software testing debates challenges.