Bungee jumping and smoking are bad ideas. So is using live customer data when developing and testing applications. This is, however, precisely what many companies do, at least according to a recent survey conducted by Compuware Corp. and the Ponemon Institute. They found that 62 percent of responding companies are guilty of this hazardous shortcut. The report says 89 percent of the companies that engage in this behavior use customer files and 74 percent use customer lists. The live data includes employee records, vendor records, Social Security numbers and other sensitive data.
The story says companies may falsely believe the data is safe because the systems are not online. However, the writer points out that the data may be seen, and possibly commandeered, by in-house testing staffs, consultants and other unauthorized personnel.
In other words, 6 out of 10 survey respondents are doing dopey things with their data.
There are a couple of ways of looking at this. At the simplest level, this shows there still are a lot of people who just don't get it. The troubling thing is that these are not home users and non-IT folks whose ignorance can be understood, if not condoned. These people should know better.
At a deeper level, the story is about the changes affecting the safe development and testing of applications. It's an important new front in the war between security forces and criminals. The perimeter is growing more secure and, thus, crooks need new avenues to attack organizations. Many have set their sights on highly complex interactive Web 2.0-type applications, Web services and SOA. It's a double whammy: Applications are growing more difficult to protect as more and brighter bad apples look to take advantage.
It's a complex and multi-faceted area. This post at Producteering, written for those with at least a rudimentary background in software development, describes the differences between product and application testing. StickyMinds, meanwhile, takes a look at mobile application development. The piece provides some details on a number of related topics, including how to reduce set-up time and establish connectivity. The writer counsels testers to study the data plans being offered, to learn how to work with the transcoders that make the Internet more accessible to mobile devices and to use complimentary tools.
The good news is that lots of good tools are available. Three are described in this post, which is the middle of three on testing procedures. (The preceding was on tools for measuring disk performance, and the subsequent post will look at network performance testing.) The writer, a blogger named Mike Radomski, says that the most common tools to test Web applications and Oracle databases are BadBoy, jMeter and Swingbench. BadBoy is a free or inexpensive tool that helps develop and subsequently test complex dynamic applications. jMeter is a Java desktop application that, the writer says, tests functional behavior and measures performance. It has moved beyond its initial mandate of testing Web applications. Finally, Swingbench is a free load generator for 9i, 10g and 11g Oracle databases.