Reported by: banking|Updated: December 2, 2015
Cigniti Technologies is the world’s 3rd largest independent software testing services company. Over the years, it has helped enterprises and ISVs across verticals build quality software while improving time to market and reducing cost of quality. Sai Chintala, senior vice president – Global Enterprise Solutions of the company, speaks about the importance of testing banking applications.
N. Mohan: Do you think software-testing budgets will rise or remain static, given the new technologies and concepts like IOT, SMAC, and BigData analytics are becoming more prevalent? What are the challenges that independent software testing enterprises have to face in this scenario?
Sai Chintala: Overall IT budgets (and hence software testing budgets) will moderately rise due to the enterprise adoption and investments in the areas such as BigData, SMAC, IOT and digital. Given the above trend of technological growth and customer expectations in terms of rich UI and seamless experience across the channels, independent testing needs to be comprehensive, yet smarter. With continuous development and continuous deployment becoming a reality, continuous testing is something clients are looking for. Independent testing enterprises may not face any challenges, if they made enough investment to create testing IP, have multi-skilled resources (read as Software Development Engineer in Test, or SDETs), technology / OES / OS agnostic frameworks, and cloud-enabled test labs to support changing trends to ensure comprehensive QA with most optimal efforts and cost.
How do banks and financial services institutions consider software testing? Is it largely an in-house exercise or do they engage specialists for the purpose? Is it necessary that they follow both the black box as well as white box testing procedures mainly because most of the software they use is normally bought off-the-shelf?
Over the decades, we have noticed BFSI enterprises are increasingly moving from having BA & SME doing ad hoc QA & testing to using, deploying and engaging ‘career testers’ (who are trained and certified) to get their testing done. They are also increasingly engaging independent testing experts and having them co-own or fully own systems integration testing, UAT and performance. With over 10% of the budget on run the bank (RTB) & change the bank (CTB) being allotted for software testing purpose, there is significant focus on adopting “shift left” approach towards QA, and leveraging tools to automate early, and automate more, given the focus on digital initiatives, which calls for continuous deployment to be competitive in the market space.
Can you identify banking software systems that are more prone to problems and those that would require intense testing before being inducted?
As per the research from Nelson Hall, financial services (38%) are the largest verticals on specialized testing services (STS) spending. The adoption of testing has been strong in sectors with large application estates (for example, banking) or which are investing in new applications. The key drivers for spend in the specialized/independent software testing services industries are driven by regulatory compliance. Also Nelson Hall says retail banking is the main spender in STS driven by cost savings as well as by mobility, payment, omni-channel, and regulatory compliance.
Digital and Customer experience testing is another challenge in testing banking software systems of tomorrow.
Testing is a critical element in ensuring business delivery. The technological advancements, product innovations, changes in the functioning of the application, time criticality in the development and the deployment of the application, have alleviated the complexity level, which in turn has put the application at higher risks and greater testing challenges. To mitigate these risks, the first step that needs to be followed is identifying the challenges and risks; the better the identification of risks, the lesser the chances of failure.
Following are the major business challenges/risks:
• Developing complex trading and surveillance scenarios & test cases
• Replicate realtime complex trading scenarios with extensive test data
• Test data management
• Integrating front-end, middleware, back-end, heterogeneous applications including legacy platforms
• Building and maintaining domain competency
• Changes in business model, rules and regulatory requirements, introduction of new products, down time (revenue loss) and time to market
Technical challenges/risks are:
• Interaction of multiple systems through several interfaces and gateways
• Automation of complex scenarios and interface gateways
• Managing and maintaining fit-for-use test environments (bringing system down and up for each trading day) in spite of the complexities involved in the trading domain
• Performance testing to ensure acceptable levels of latency as per the SLAs
• Risk of failure, new technology integration, legacy applications, migration to a new application, 3rd party application issues affecting your own system.
What could be the ideal testing model for a bank while a) inducting a new software; b) while activating a new version and c) while implementing a patch?
While inducting a new software, it is building an end-to-end testing solution covering functional, SIT, automation, regression, performance, security, UAT, and maintenance support. Focus should be on automating early, and automating more.
While activating a new version, care should be taken on business continuity testing, data migration and data quality testing, UAT testing and performance and security testing.
When implementing a patch, there has to be build verification testing, defect regression testing, regression testing and UAT as needed.
Do banks and financial services institutions budget adequate resources for software testing?
Given the high quality experience expected by new gen customers, financial services institutions are investing enough resources (in-house or outsourcing) to ensure quality of applications (internal or customer facing) is very high, and that the testing practices are highly matured.
Can you talk about the concept of Testing Center of Excellence? Do you think the correct test data is one of the most significant aspects in a testing scenario? How can you ensure the correctness?
The essence of TCoE is to standardize and centralize all testing entities such as people, processes, tools, and infrastructure across all the portfolios (and geographies) in a given enterprise. The primary focus is to optimize utilization of processes, people, tools and infrastructure with the end objective to run “Lean and Efficient”, and to lower the cost of quality while improving the effectiveness of testing. Often the TCoE has both domain and technical SMEs for the BFSI Enterprise in context, and also its strategic outsourced testing partners.
Test Data is the trump card to crack a system. Often over 30% of overall test effort is spent in creating, managing and destroying the test data. Efficient test data management solution aids in building effective test scenarios, identifying defects, and assuring the stakeholders to release the application with great confidence. Correctness of test data is ensured by involving domain SMEs, BFSI testing practices, and technical SMEs earlier in the STLC and by implementing test data population techniques.
What are the challenges in mobile application testing? And similarly in security applications testing?
In mobile application testing, it is identifying the right set of OS/devices/screen resolution fragmentation, specialized testing team covering functional and non-functional testing, need for single automation framework – ‘onetime scripting and execute anywhere’ and availability of mobile test lab including legacy OS and devices.
In security application testing, it is testers with ethical hacking mindset, complicated test design techniques and threat modelling, maintaining zero-day vulnerability and compliance to regulatory standards.
Can you talk about the major changes that have happened in the banking application testing workflow?
Going digital is the mantra of BFSI providers that requires focus on following test areas:
Continuous Testing – ensure thorough handshake between the teams, implement automated procedures, automate early and automate more, leverage service virtualization for control over the test environment and implement cloud-based solution.
Omni-channel testing – assure consistent customer experience across channels, end-to-end business process validations across channels, cross-platform validations (device, OS, browsers et al.), validation of business logic, middleware communication and data and leverage device labs, simulators, and emulators to ensure complete coverage.
Customer experience – testing end-to-end customer journeys, testing specific responsive web design patterns, accessibility and usability testing, compliance with certification standards and application performance and navigation and content testing.
Analytics validations – validate structured and unstructured data, testing the accuracy of data, performance and ease of usability, availability of data during critical failures (failover testing), validate completeness of data and ensure valid test data and test environment availability.
Cyber Security QA – shift to ‘anticipate and hunt for malicious activity’, PCI DSS certification, smart card, and contactless payments testing, threat modeling and intelligence – business and technical focus and specialized test design coverage.
To what extent software testing has been automated? Can you talk about the automated testing tools provided by HP, IBM, and Borland?
Today enterprises are able to automate between 30% to 70% of overall activities and events in software test life cycle based on the maturity of testing process, complexity of technology stack, return on investments, skills available in-house, and availability of mature test tools that are available to facilitate good automation coverage. We also see a significant portion of regression testing, user acceptance testing, and integration testing being automated.
‘DevOps’ integration is calling for automation across all the events in the STLC to ensure continuous deployments. There are instances where builds are released twice a day leaving only “few hours” to test. This calls for a more matured test automation framework than just delivering UI-based automation solution. This framework must have the ability to integrate with build release process to ensure seamless handshake right from build check-in, invoking current test suite, running execution engine till reporting. It is also expected that the independent software-testing vendor should have custom automation framework that is compatible with various build deployment server/procedures. Please refer to the diagram for the typical list of COTS and OpenSource tools.
Can you talk about service virtualization, a concept that is very widely discussed today and largely adopted by independent software testing labs?
Service Virtualization (SV) is a method to emulate the behavior of essential components that will be present in a final production environment. Service virtualization allows complex applications to undergo integration testing much earlier in the development process, removing key bottlenecks that would otherwise delay production and time-to-market for an application under test (AUT).
SV addresses several issues that we face with integration and end-to-end testing:
• High coordination effort between various application teams for end-to-end testing
• With SV we have Virtual Services for dedicated access across teams
• SV enables Shift left – early Unit/system/SIT/UAT/performance testing
• Correct Test Data for end-to-end testing
• With SV we have availability of test data combinations for happy path and negative testing
• SV enables improved Test Coverage
One major complexity as far as banks and financial services institutions are concerned is the compliance and regulatory requirements. Does this complexity impact software testing and if so to what extent?
Yes, regulatory compliance directly impacts software testing and makes it multi-fold. There is no way that this regulatory compliance can be compromised and the testing team must consciously design test scenarios covering all the compliances and regulations. ‘Swift Release’ being the modus operandi is always a challenge to software testing world.