Business Applications: On the Tension between Efficient Testing and Compliance

Image courtesy of Stuart Miles at

Smooth business processes need a stable IT landscape. Thus, IT departments spend time and money on testing their business applications. But what could be a reason for a tension between efficient testing and compliance needs? Sensitive data are the reason! Testing business applications requires adequate data in the databases of test systems. …

Read the full article of my keynote at the 37th meeting of the special interest group “testing, analysis, and verification” of the German Informatics Society here.

What Developers and Testers need to know about the ISO 27001 Information Security Standard

Image courtesy of renjith krishnan at

Late in 2013, the International Organization for Standardization released a new version of its ISO 27001 information security standard. The standard covers requirements applying to all organizations and ones relevant only for organizations with in-house software development and integration projects. They impact testers, developers, and release managers. This article summarizes the relevant facts and points out topics that testing and development teams have to work on.

Click here to read the article, which I published in the testing experience magazine…

Article in German: Ethische Überlegungen zum Einsatz von Data-Loss-Prevention-Tools in Unternehmen (Ethical Considerations on the Use of Data Loss Prevention Tools in Companies)

Image courtesy of winnond at

Snowden, CDs from Swiss banks, or the almost forgotten bonus miles affair: some employees ignore the norms of their employment contracts and of criminal law. Possible reasons are frustration, a craving for recognition, or the lure of quick money. Sometimes it is “only” a mistake. One employee loses a USB stick with research results, or another sends a customer list to the wrong e-mail address. Such a data leak is particularly critical in highly competitive, knowledge-intensive sectors such as the pharmaceutical or automotive industry. The same applies to industries with sensitive customer data. Examples are healthcare, banks, and insurance companies. The security sector is at risk as well. So how do companies protect themselves against data leakage?

To the full article…

When Data Is a Risk – DLP Tools and Their Role within IT Departments

Image courtesy of renjith krishnan /

Snowden is a turning point for IT security and risk. Before him, many saw IT security as equivalent to a medieval town wall: keeping outside hackers and malicious code away from the company. Firewalls, virus scanners, and application security testing (e.g., to find SQL injections) fit the town wall approach. But Snowden was different. He was from the inside of the organization. He collected large amounts of sensitive data. Then, he got the data out of a highly secured IT organization, which had to learn from the press about the case. In this article, I will explain such data-related risks in IT departments and how data loss prevention (DLP) tools help to manage them.

Read/download my article, which appeared in the February issue of the ;login: magazine from USENIX, as a PDF.

Information security risks in test environments – two new articles in German

Image courtesy of khunaspix /

Two articles appeared in the magazine “SQ-Magazin”. Both are in German. The first focuses on risks in test environments (Testdaten als Risikofaktor), the second on how data loss prevention tools address them (Data-Loss-Prevention-Tools minimieren Sicherheitslücken in Testumgebungen).

Mobile Testing

(C) Samsung Mobile Press

Mobile apps are everywhere. Some apps entertain and others enable business transactions. Apps increasingly interact with complex IT landscapes. For example, a banking app on a mobile device acts as a front end that invokes services on a back-end server of the bank, which might contact even more servers. Mobile testing becomes crucial and challenging. This paper follows a user-centric testing approach. The app’s architecture matters for testing, as does its user base and usage context. Addressing these factors ensures that test cases cover all relevant areas. Most apps need test automation for two reasons: agility and compatibility. To the complete article about testing mobile apps …

How Scrum Changes Test Centers

Do you like agility? Do you like being celebrated like a rock star? There was once such an opportunity. You and the authors of this paper missed it. Until recently, developers lusted after tales of agile and Scrum projects. This changed as agile became the new normal for development projects and talks about Scrum mainstream. In the testing community, in contrast, Scrum brought uncertainty. Is agility the ultimate chance for developers to get rid of nasty testers? Or does agility only change job profiles? This article provides the answers.

Read Konrad Schlude’s and my article on how Scrum changes test centers here…

This article appeared in the August 2013 issue of Agile Record.

Bank Branches and Marketing in Manhattan

Usually, what I write about is IT, especially testing and quality assurance. Since I consult mainly in the banking industry, I am also interested in new developments in this industry sector. On my last trip to the US, I was curious how banks present their offerings in the display windows of their branches. I took some pictures in New York, which I want to share with you.


Their promise is to ease their customers’ life, e.g., with guaranteed reaction times for loans or helping them get a better overview of their personal financial matters (sorry for the bad picture).


Easing their customers’ life fits very well with their ads for their mobile banking.




TD Bank

The bank might not be known around the world, but their unique selling proposition is easy to understand. They want to be the most convenient bank. Each advertisement stresses this.

Open seven days a week…


…long opening hours…


…various channels…

Another small gesture:



I did not see any eye-catching ads. However, it is interesting how they market their self-service terminals. They do not mention cost saving opportunities for them or their customers. They call it express banking. Nice idea.


Bank of America

Another large bank, many good ideas, but they do not get a consistent message across like TD Bank does. They want to connect with their customers. They state it and add some imperfect-looking snapshots. The terminology reminds me of social media, though their initiative is not related to Facebook, Twitter or something similar.
It is interesting that they offer a QR link.

They offer mobile banking apps. In contrast to Citi Bank, it is not 100% clear how this offer relates to their overall strategy…

A nice way to show their customers the various branches and ATMs in the neighborhood…

Traditional Banks

The photos above show innovative ideas. Other banks are more conservative. I also added some photos here to stress the difference. The Sovereign bank has a colorful design, but nothing to remember.

The Berkshire Bank is proud of their 25-year history and emphasizes their interest rates. That is quite traditional marketing.


Capital One makes a quite repelling impression.


But certainly, good marketing (alone) does not mean being successful …

What do you think about the marketing of these banks? Did you see anything interesting somewhere else?

First published: June 1st, 2013


Test Data Management in Practice

Do you have issues with your legal and compliance department because test environments contain sensitive data outsourcing partners must not see? Do your testers have idle time because test data are missing or test environments have inconsistent data? If any of these challenges applies to your situation, the concepts of this paper can help. The first concept is database-application-aware test cases. They enforce that test cases for business applications provide all information needed for repeatable execution. Second, a type concept eases the test case maintenance and preparation of test data for a test start without delays. Third, a test data catalogue lists database objects for the various types. Finally, architectural patterns describe various ways to set up test environments with production and/or synthetic test data. This paper focuses on integrating these concepts into the daily test process. This includes the tool aspect, which we illustrate with our Swisscom Test Data Organizer. Read the complete article Test Data Management in Practice

This article appeared in the conference journal of the Software Quality Days 2013, Vienna.

Three New Technologies That Will Disrupt Your Test Organization

New technologies such as Cloud, SOA, and multi-tenant systems boost ASP and BSP sourcing models. This fundamentally changes the task portfolio and staffing needs of test organizations. CIOs prevent quality and cost problems by initiating the change process early.

Read the complete article about future trends in testing here…

This article appeared at the 2012 Software Testing, Analysis, and Review West Conference (STARWEST 2012), September 30 – October 5th, 2012, Anaheim, CA