There’s a 50/50 Chance Your Website Will Be Hacked This Year

Sleep tight! A recent survey found that half of companies had been hacked within the past year, oftentimes with “severe financial consequences.” Here with the breakdown is PCAdvisor.com:

The study, sponsored by Coverity, also found the IT professionals willing to admit their organizations were facing various types of difficulties that contributed to their Web application security problems. Among these were:

- Can’t keep pace with the volume of code they produce. Here, the IT professionals cited the competitive need to keep up with delivery of “products, services and new engagement models” needed for success and profitability of the business, saying this need has put the app-dev teams “under intense pressure to increase their delivery speed.”

- Struggle to build the business case for additional funding. Fully 71% of the respondents that suffered at least one data breach said they felt they didn’t have enough funding to invest in application security technologies and processes.

- Lack of adequate tools. About three-quarters suffering a data breach said they likely didn’t have the right tools for application security.

The Forrester survey also asked the respondents for detail on specific security problems that had raised their risk of suffering a data breach.

Default password accounts, SQL injection-related vulnerabilities and security misconfigurations were cited most frequently. For those organizations that had suffered five to 10 incidents since 2011, SQL injection topped the list.

Of the points listed above, I found the “can’t keep up with code” item to be the most thought-provoking. Perhaps the agile methodology lends itself to software that is vulnerable to common attacks….

What surprised you most about this survey? Let us know in the comments section.

6 Great Functional Testing Tools for Web Apps

Though we stress the need for manual testing under real world conditions – what we called in-the-wild testing – we also stress the importance of test tools and automation. So if you’re looking for in-the-wild testing, go check out uTest. If you’re looking for a nice list of functional testing tools, you should check out opensourcetesting.org.

Here are a few handy tools from their list of 122, in no particular order:

Anteater
Description: Anteater is a testing framework designed around Ant, from the Apache Jakarta Project. It provides an easy way to write tests for checking the functionality of a Web application or of an XML Web service.
Requirement: OS Independent

AutoTestFlash
Description: AutoTestFlash allows the recording and playback of tests written in Flash and Flex. The tool website provides a live sample.
Requirement: Windows / Flash

DejaGnu
Description: DejaGnu is a framework for testing applications such as Tcl, C, C++, Java and network applications and cross testing of embedded systems. Its purpose is to provide a single front end for all tests. Think of it as a custom library of Tcl procedures crafted to support writing a test harness.
Requirement: MacOS, Windows, POSIX


WebAppTesting.com Makes Its Debut

Okay, we waited a few decades to see if this whole “world wide web” thing was for real or just a passing fad. Now that we can safely conclude the web is here to stay, we’re happy to announce the launch of WebAppTesting.com.

Like our other blogs, this site is owned and operated by the attractive, creative geniuses over at uTest - the market leader for in-the-wild testing. Disclaimer time: The views here do not necessarily reflect those of uTest, its testers or customers.

As you may have guessed, the purpose of this site is to explore the vast space that is web app testing. With all the attention paid to mobile testing and other trends, it’s easy to forget that the web remains the object of most testing today. So with that in mind, we’ll be posting tips, interviews, articles and videos to help you develop a better understanding of the testing landscape.

Subjects will vary, but are likely to include:

  • Browser and OS compatibility
  • Test automation tools
  • Agile testing and other methodologies
  • Security and other testing types
  • Testing the mobile web
  • Third party apps

Of course, we can’t do this alone. So if you’d like to make a name for yourself in the testing industry, please send us your guest posts.

Stay tuned. Much more to come, starting…now.