Video: The Risk Of Using SaaS Solutions For Cross Browser And Mobile Testing

‍

In this video we’ll look at why using a SaaS solution for cross-browser and mobile testing in your enterprise can pose a huge security risk.

Testing applications with different browsers and browser versions is essential. But to build a browser and mobile testing infrastructure is time-consuming, expensive, and requires highly specialized resources. That's why many companies turn to SaaS solutions available in the market. They provide a rich feature set and cover a big selection of browsers and mobile devices without the hassle of having to build and maintain the test infrastructure yourself. 

So, overall, SaaS solutions are great products, but they all have one common problem: They are outside of your firewall and your corporate network and THAT can be a BIG problem. 

Let's have a closer look at how testing works.

In this case, the application you want to test is outside of your firewall or is publicly available on the internet. You are inside your corporate firewall and the SaaS solution is outside of your firewall. You send a request, the SaaS provider starts a browser in their data center, and the browser will access your application to be tested. This is the easy case. 

It gets more tricky when the application to test needs to be behind your firewall. You send the request to the SaaS provider. The browser from the SaaS provider tries to access your application, but that request will be blocked at the firewall level. So with this setup, it's not possible to execute the test using a SaaS testing platform. 

So how can you overcome this issue? 

One option could be to open up your firewall to the SaaS provider, but that's typically not approved by your security team as they don't want a third party to access the corporate network since that would create serious security problems. 

So what are the other options? 

One option that most SaaS providers offer is something called tunnelling software. You need to install the tunnel software on your machine. Then you establish the tunnel between your machine and the SaaS provider. Through that tunnel, the SaaS provider can access your local machine and also the application under test, which is what you wanted to happen in the first place. But this creates a huge problem! 

The SaaS provider now also has access to EVERYTHING that your machine has access to. So, if your machine has access to other internal systems, which in most cases it does, then the SaaS provider now also has full access to them. 

With the tunnel, you have essentially removed the firewall between your corporate network and the SaaS provider. The SaaS provider now has full access to everything that you have access to. This is clearly not an ideal scenario, and poses a serious liability for your company! So, whatever you do, don’t fall for the VPN-tunnel approach!

Fortunately, there is an alternative for a secure cross-browser testing and mobile execution testing platform: SBOX runs inside your corporate network, eliminating the issues described earlier.

This means: No tunnels, No VPNs, nor any other external access is required. 

With SBOX, you’ll get all the benefits and functionality of a SaaS solution, but running behind your firewall, and therefore with no security risks. You’ll be able to test your applications without any security or compliance concerns (and your security team will love it)!