The Slow Death of Manual Testing

jhaddix ‎06-04-2014 11:48 AM - edited ‎08-03-2015 06:46 AM

We’ve seen the future and the future is scary...


If you pay attention to the security industry at the moment, you will find that a lot of businesses in the industry are going the route of becoming enterprise security management service providers.


Managed services allow organizations to outsource management and operations of security functions to other companies. This makes a ton of overhead and work disappear for the customer, which is great. It also allows on-demand availability of services and usually can tie into custom organization metrics or provide security analytics that are essential to clients. This is all great stuff. 


What alarms us is the shift in testing type that most companies are following. We've seen many shops moving away from manual testing to fully automated testing in order to operate as a managed service provider.


There are several arguments for automated versus manual testing when it comes to web/mobile applications. There is even more conjecture when it comes to dynamic and static security analysis. The bottom line is that in order to have a successful security assessment you need to have both. Research shows a purely automated tool can miss critically important things like logic vulnerabilities and deeply hidden application functionality, and often has no context for what counts as application-specific sensitive content.


One thing that Fortify on Demand has always been very cognizant of is the role of the manual tester in a managed service provider model. Our testers truly “think like a bad guy.”


We cut our teeth on being a managed service before many other companies even thought about it. When Fortify on Demand was created, we folded all aspects of our groups together to make a service that keeps all of the power of the manual tester alongside the automation and speed of the managed service.


That's why Fortify on Demand employs a huge team of manual testers that both validate and go beyond what its flagship products Fortify SCA and WebInspect do. Every assessment is handled by a security engineer and validated. In our premium services we perform a full manual methodology covering web/mobile/static analysis/penetration testing.


When shopping for an assessment service, make sure your assessments are augmented by professionals. Bad guys don’t stop at running a scanner on your site, and neither should your service.


As always, feel free to reach out to us here at Fortify on Demand with any questions via Twitter (@hpappsecurity) or via email (fodsales(at) We'd love to hear your questions or comments about our manual testing and how it affects your organization.




About HP Fortify on Demand


HP Fortify on Demand is a cloud-based application security testing solution. We perform multiple types of manual and automated security testing, including web assessments, mobile application assessments, thick client testing, ERP testing, etc.--and we do it both statically and dynamically, both in the cloud and on-premise.
