
The Slow Death of Manual Testing

jhaddix ‎06-04-2014 11:48 AM - edited ‎08-03-2015 06:46 AM

We’ve seen the future and the future is scary...


If you pay attention to the security industry at the moment, you will find that a lot of other businesses in the industry are going the route of becoming enterprise security managed service providers.


Managed services allow organizations to outsource management and operations of security functions to other companies. This makes a ton of overhead and work disappear for the customer, which is great. It also allows on-demand availability of services and usually can tie into custom organization metrics or provide security analytics that are essential to clients. This is all great stuff. 


The thing that alarms us is a shift in the type of testing that most companies are following. We've seen many shops moving away from manual testing to fully automated testing to facilitate being a managed service provider.


There are several arguments for automated versus manual testing when it comes to web/mobile applications. There is even more conjecture when it comes to dynamic and static security analysis. The bottom line is that in order to have a successful security assessment you need to have both. Research shows a purely automated tool can miss critically important things like logic vulnerabilities and deeply hidden application functionality, and often has no context for what counts as application-specific sensitive content.


One thing that Fortify on Demand has always been very cognizant of is the role of the manual tester in a managed service provider model. Our testers truly “think like a bad guy.”


We cut our teeth on being a managed service before many other companies even thought about it. When Fortify on Demand was created, we folded all aspects of our groups together to make a service that combines the automation and speed of the managed service without losing any of the power of the manual tester.


That's why Fortify on Demand employs a huge team of manual testers that both validate and go beyond what its flagship products Fortify SCA and WebInspect do. Every assessment is handled by a security engineer and validated. In our premium services we perform a full manual methodology covering web/mobile/static analysis/penetration testing.


When shopping for an assessment service, make sure your assessments are augmented by professionals. Bad guys don’t stop at running a scanner on your site, and neither should your service.


As always, feel free to reach out to us here at Fortify on Demand with any questions via Twitter (@hpappsecurity) or via email (fodsales(at) We'd love to hear your questions or comments about our manual testing and how it affects your organization.




About HP Fortify on Demand


HP Fortify on Demand is a cloud-based application security testing solution. We perform multiple types of manual and automated security testing, including web assessments, mobile application assessments, thick client testing, ERP testing, etc.--and we do it both statically and dynamically, both in the cloud and on-premise.
