Web-based applications and cloud computing have presented new challenges forsoftware developers. Most software makers are by no means tone-deaf to userconcerns about security and usability issues, but even those softwarewriters who are receptive to these worries must contend withhard-to-plug holes that can open up in cross-platform programs such as Webbrowsers.
For Web app developers, the problems occur on two fronts. Not only dothey have to harden the application itself, but they also have to keep upwith the occasional new browser release — updates to Microsoft’s InternetExplorer, for instance, as well as frequent version upgrades forApple’s Safari, Mozilla’s Firefox, Opera, Google Chrome and others.
With more applications built for the Web, cross-browser testing iscrucial to application performance. Numerous automated helpers areavailable from a variety of commercial and community-based softwaretesting tools. For example, over 2 million users have turned to the SeleniumProject’s open source, cross-browser testing platform to solve the varioussecurity and functionality flaws that crop up in software code.Selenium is currently in use at companies such as Google, Yahoo, eBayand Salesforce.com.
However, several problems remain in cross-platform testing procedures, evenwith proven tools. Users often require commercialsupport for Selenium. Others need enhanced features and speed. Otherenterprises simply lack the infrastructure for doing their ownsophisticated product testing.
“We address the routine that each developer faces. It is laborious tomake sure that all the patches are current and that the latestsoftware version is installed. Sauce Labs does that for the developersso that problem goes away for them. Developers traditionally struggledin their labs with single versions of a software application,” John Dunham, CEO of SauceLabs, told LinuxInsider.
Barn Door Theory
Failure to perform cross-platform tests is unthinkable today. Code writerscannot rely on defined protocols and interfaces.
No two systems are alike, and this holds true for platforms, whetherit’s various hardware manufacturers or operating system platforms. The underlying operating systems and their code basesdiffer. “Because of these differences, it is very important thatdevelopers conduct due diligence on their products before releasing tothe general public,” Ken Pappas, president of True North Security,told LinuxInsider.
Hackers used to pay close attention to network breaches via networkvulnerabilities. Now they’ve largely shifted their focus to applicationvulnerabilities due to developers not doing a good enough job of testingtheir products for security vulnerabilities on cross platforms. Gooddevelopers will test and certify their products on multiple platformsto protect against hackers, he said.
Cross platform-testing is an absolute must, advised Mandeep Khera, CMOfor Web application security vendor Cenzic. However, it should bebalanced with the developer’s resources and timelines.
“Ask where are most of your users. Use the 80/20 rule to decide howmuch and when and repeat if it works. If resource and time are notissues, go full-force with all platforms,” Khera told LinuxInsider.
More Than Security
The Selenium Project did not originate with a quest to makecross-platform software more secure, noted Dunham. Softwaretesting is done for general functionality more than security issues.The developers sought a solution to make it easier for them to makecross-platform apps like the ones used in SaaS (Software as a Service)and cloud-delivered software more reliable.
“The browser wars were getting underway. Software developers neededto support multiple browsers,” Jason Huggins, cofounder of Sauce Labs, toldLinuxInsider.
The big problem in developing Selenium was that features would work inone browser, like IE but not in Firefox. Huggins would fix one, andthen it would break in the other.
The Selenium Project interacts with a Web site the way a user would.The software goes to the site, clicks on an image, enters some text, clicks on a button — all the things typical users do. That’s what was builtinto Selenium, according to Huggins.
Selenium is a testing environment for developers. It’s a roboticplatform for which developers can write scripts. They can remotelycontrol the browser to have it do certain functions and then comparethe results with a pass-fail value and make a judgment based on that,he explained.
The software is open source. What Sauce Labsdoes is apply the factors for its use with the clouds.
“All of those so-called air traffic control factors are what SauceLabs adds to Selenium,” Dunham said.
Sauce Labs provides peer support and value-added packages. That’s theopen source business model that can lead to a steady flow of money asa commercial operation.
So far, Selenium has had over 2.6 million downloads by QA testes anddevelopers. What Sauce Labs is doing is positioning itself as the RedHat for Selenium, Dunham said.
His reference to commercial enterprise Red Hat hinted at what Dunham’sgoal is for Sauce Labs. Red Hat Linux is a commercial distribution ofthe free community-based Linux operating system the Red Hat companydevelops as the Fedora Project.
“As long as people keep putting out new versions and new browsers,like now we have the new Chrome browser, there is always catching upto do. Selenium will have to make sure that it keeps working,” Hugginssaid.
The community version still uses the five-year-old code line ofversion 1.0. However, Sauce Labs, Selenium community members and a few engineers at Google are readying version 2.0.
With the release of the new code base in Selenium 2.0, Sauce Labs ismerging the Selenium Project with the WebDriver project, sponsored byGoogle. This will bring a better engine under the hood of Selenium,according to Huggins.
A good analogy to the benefits of the software merger is when Ruby onRails merged with Merv. Merv was a better and faster engine under thehood, but Rails had better recognition as the brand, Higgins noted.