Security and IoT Testing: What You Need to Know

The Internet of Things is the most recent in the long line of technological advancements that have given quality assurance professionals headaches. From mobile to cloud computing, it seems like every step forward in the digital age brings fresh challenges for software testers to cope with. The IoT is no different in this regard, and QA teams everywhere should be preparing themselves to address this burgeoning concept and have a test management strategy in place to ensure software quality in this new era.

The IoT is the natural end point of machine-to-machine communications. Broadly speaking, it involves connecting just about any device to a network and facilitating communication between disparate objects. The opportunities presented by IoT have already been glimpsed thanks to smart meters and other connected devices, and new possibilities are emerging every day. Interest in the IoT is on the rise as organizations continue to introduce new sensor-based products capable of connecting to diverse networks. According to a January 2015 Gartner report, by the end of the year, there will be 4.9 billion connected devices in the world. By 2020, that figure will reach 25 billion.

With so many previously offline devices gaining the ability to connect and communicate with other machines, QA teams will need to up their game to ensure that everything performs as expected. Furthermore, sophisticated security testing will be required to identify and address potential vulnerabilities across various smart devices.

To be sure, QA teams working in these new conditions have their work cut out for them. If making the transition from PC software to mobile apps was difficult, branching out into every conceivable smart machine will be even more challenging. These units won't just be tasked with ensuring the quality of Web apps - they'll need to check everything from smart cars to home thermostats. And individual systems may include numerous connected devices with software that needs to be vetted. Just as we've seen with the agile movement, however, getting ahead of the game is critical to setting testers up for success down the road.

Where to Start

The prospect of executing QA management duties in a post-IoT world may seem daunting, but many of the overarching goals and processes will remain unchanged. They will simply need to be scaled up to account for more connected systems. IBM Executive Security Advisor Diana Kelley noted in a 2013 piece that identifying exploitable defects and bugs will continue to be a core responsibility for QA teams for years to come. Even today, testers shouldn't really be viewing software in a vacuum, as any given app will likely need to interact with other programs on a regular basis. This will only become more important in the future when assessing software that will support connections between various devices.

The Open Web Application Security Project has also provided QA professionals with a handy list of the top 10 attack surface areas to focus on within the IoT. For instance, the organization ranked insecure Web interfaces as the number one concern, citing the need to lock down Web portals used by businesses and customers alike. This provides testers with a good starting point when analyzing software systems in an IoT environment.