Back
Testing
6 min read

Introduction to Consumer-Driven Contract Testing: Understanding the Roles

  • Abdula
  • Author Abdula
  • Published October 20, 2023

If you are new to the concept of contract testing or looking at refreshing your knowledge this post is to describe the main components involved in building a contract test and understanding the responsibilities of the parties involved.

As more and more applications adopt a microservice architecture, we must adapt to be more efficient in testing these microservices. Contract testing can be used to check the compatibility between two different services early on in the development lifecycle and ensure that an understanding has been established between the members of the different teams building the dependent services.

As the schema for the microservices is undergoing changes during the development lifecycle, the contract test will ensure that no breaking changes are finding their way into the production environment.

Consumer-Driven Contract testing is driven by the microservice that will send the request and is dependent on the service that consumes the request. The owner of the contract will be the ‘consumer’, and the ‘provider’ will be running the tests to make sure that the contract is not broken. Creating a line of communication between the two services at a lower level of the testing pyramid instead of the End-to-End level which is a far costly test to find issues in.

When dealing with contract testing, there are three main components to remember:

  • Consumer: The consumer is the service that sends a request to the downstream service and is in charge of starting the contract testing process, for the consumer driven contract testing, by opening discussions with the provider team. The consumer will publish the pact which will contain the request(s) the consumer will send and the responses they expect.
  • Provider: This is the service that will be used by the consumer; the provider side is where the testing happens. If the provider service has introduced a change that violates the contract, the provider should not be allowed to build or package the service. Upon failure, the provider team will be forced to communicate the breaking changes to the consumer, establishing a new contract between the two teams or services and ensuring that no bugs find their way into production. After the new contract has been published by the consumer, the provider service may continue with the development cycle.
  • Pact Broker: The Pact contract has to be stored in a ‘neutral zone’ and not in either the consumer or provider repo. This is where the ‘broker’ comes in. The broker ensures full visibility of contracts and test results and provides a central location. The Pact Broker will host the Pact contract published by the Consumer and allow the Provider side to pull the contract during testing

References:

Test Pyramid Image: https://blog.octo.com/wp-content/uploads/2018/09/screen-shot-2018-09-11-at-12-00-21-pm-1024×630.png

Consumer Driven Contract Testing Image: https://docs.pact.io/

Abdula
Abdula
http://qabound.com
Next Post
Don’t Get Hacked: Easy-Peasy Security Testing Techniques to Safeguard Your App

Recent Posts

  • admin
  • Posted by admin
December 20, 2023
10 min read

DORA’s deadline: the looming threat to fintech and QA engineers

The Digital Operational Resiliency Act (Regulation (EU) 2022/2554), also known as DORA,...

Testing
Read More
Biggest AI Blocker is Quality Assurance
  • Abdula
  • Posted by Abdula
November 20, 2023
1409 min read

The Need for AI Testing in Software Quality Assurance

The Need for AI Testing in Software Quality Assurance In the dynamic...

AI Testing
Read More
  • Abdula
  • Posted by Abdula
October 16, 2023
12 min read

Don’t Get Hacked: Easy-Peasy Security Testing Techniques to Safeguard Your App

In the ever-evolving landscape of technology, where data breaches and cyber threats have become commonplace, security testing has emerged as a critical component of any organization's software development and deployment strategy. This article delves into the necessity of security testing, its evolution, and the fundamental principles that underpin it, such as password complexity, minimum password requirements, password validation, fuzz testing, privacy testing, and data access control. The Imperative of Security Testing As technology continues to advance, so do the tactics of malicious actors seeking to exploit vulnerabilities in software systems. The consequences of a security breach can be devastating, including financial losses, reputational damage, legal liabilities, and compromised customer trust. Therefore, companies today cannot afford to overlook the importance of security testing in their software development lifecycle. The Evolution of Security Testing Security testing has evolved significantly over the years, mirroring the advancements in technology and the sophistication of cyber threats. Originally, it consisted of manual code reviews and limited vulnerability scans. However, as organizations recognized the need for a more comprehensive approach, the field of security testing has expanded to encompass the following key elements:  

  1. Password Complexity and Requirements
One of the foundational principles of security testing is ensuring that user authentication mechanisms are robust. Passwords are often the first line of defense against unauthorized access. Therefore, enforcing password complexity and minimum requirements (e.g., length, character diversity) is crucial. Advanced techniques like salting and hashing are employed to safeguard password storage.  
  1. Password Validation (3 Attempts and Blocked)
To thwart brute force attacks and protect against unauthorized access, it is essential to implement password validation mechanisms. These mechanisms typically involve limiting the number of login attempts and temporarily blocking access after a certain number of failed attempts. This measure is vital in deterring attackers from exploiting weak or stolen credentials.  
  1. Fuzz Testing
Fuzz testing, also known as fuzzing, is a dynamic testing technique designed to uncover vulnerabilities in software by inputting unexpected, random, or malformed data. It is particularly effective in identifying weaknesses in application interfaces and data parsing functions. Fuzz testing helps organizations identify and rectify potential security flaws before attackers can exploit them.
  1. Privacy Testing
As concerns about data privacy and regulatory compliance grow, privacy testing has gained prominence. It involves assessing how user data is collected, stored, processed, and transmitted. This testing ensures that sensitive information is adequately protected and that applications adhere to data protection regulations, such as GDPR or HIPAA.  
  1. Data Access Control
Controlling access to sensitive data is essential to prevent unauthorized users from viewing, modifying, or deleting critical information. Implementing role-based access control (RBAC), encryption, and robust authentication mechanisms are key aspects of data access control. The Dynamic Landscape of Cybersecurity   The realm of cybersecurity is in a constant state of flux. Several factors drive the evolution of security testing and make it an essential practice:  
  1. Evolving Threat Landscape
Cyber threats are becoming increasingly sophisticated, relentless, and adaptable. Attackers employ new tactics and exploit novel vulnerabilities with every passing day.  
  1. Regulatory Frameworks
Data privacy regulations such as GDPR, HIPAA, and CCPA demand stringent security measures. Compliance necessitates robust security testing to ensure data protection and legal adherence.  
  1. Reputation and Trust
A security breach not only leads to financial losses but can also irreparably damage an organization's reputation. Security testing is essential for maintaining trust with customers, partners, and stakeholders.  
  1. The Data Economy
In the digital age, data is a prized asset. Failing to protect data can result in significant financial and legal consequences.   Conclusion In an era where data is a valuable currency and cyber threats are constantly evolving, security testing has become an indispensable part of software development and deployment. The evolution of security testing methodologies reflects the need for organizations to adapt to an ever-changing threat landscape.   By embracing fundamental security principles such as password complexity, minimum requirements, password validation, fuzz testing, privacy testing, and data access control, companies can fortify their applications against vulnerabilities, reduce the risk of data breaches, and safeguard their reputation and customer trust. In an age where security breaches can have catastrophic consequences, proactive security testing is not just a best practice; it's a business imperative.   The International Software Testing Qualifications Board (ISTQB) addresses various aspects of software testing, including security testing, process, and design considerations.  
  1. Security Testing: ISTQB recognizes the critical importance of security in software applications. Security testing focuses on identifying vulnerabilities, weaknesses, and potential threats within the software. This encompasses evaluating how well the software can withstand external attacks, secure data, and protect against breaches. ISTQB provides guidelines and best practices for security testing to ensure that testers can assess the software's resilience against cyber threats effectively.
  2. Process: ISTQB emphasizes the need for standardized testing processes. It offers guidance on creating, implementing, and optimizing testing processes within software development lifecycles. This includes aspects like test planning, test case development, execution, and reporting. Following standardized processes helps ensure consistency and reliability in software testing, resulting in higher-quality software products.
  3. Design: In software testing, design considerations are crucial for creating effective test cases. ISTQB provides principles and techniques for designing test cases that cover various aspects of software functionality, usability, performance, and more. Test case design ensures that the software is thoroughly and systematically tested, helping to detect and report defects more efficiently.

security testing Testing
Read More
Work inquiries

Questions? Get in touch.

Contact Us
London 86-90 Paul Street,
EC2A 4NE
QA Bound
[email protected]

Copyright © 2022 QA Bound