Testing applications with different browsers, browser versions and mobile devices is essential. To build (and maintain) this kind of infrastructure yourself however is very time consuming and expensive.
The common solution
That's why there are plenty of well-known SaaS solutions in the market (which we won't explicitly name here).
They provide a rich experience and a big selection of browsers and mobiles without the hassle of you having to build and maintain the infrastructure yourself.
The common flaw
Let's be clear. SaaS solutions are great products. But they all have one common flaw. They are outside of your firewall and your corporate network.
The easy case
Let’s have a closer look.
It is fairly simple when the application you want to test is outside of your firewall or internet facing
You are inside your corporate firewall
The SaaS solution is outside of your firewall
You send a request, the SaaS provider starts a browser in their data center
and the browser will access your application under test
The common case in enterprises
It gets more tricky when the application to test is behind your firewall.
You send the request to the SaaS provider. The browser from the SaaS provider tries to access your application, but that request will be blocked at the firewall level.
So with this setup it is not possible to execute the test
A possible solution?
How can you resolve that?
You could open up your firewall to the SaaS provider. But that's typically not approved by security as they don't want a third party to access the corporate network.
So, what other option is out there?
TUNNELS
All SaaS providers provide a so called tunneling software.
You need to install the software on your machine. Then you establish the tunnel between your machine and the SaaS provider.
Through that tunnel the SaaS provider can access your local machine and also the application under test - which is what you wanted to do in the first place.
The big security issue
Wait a minute...
The SaaS provider now also has access to EVERYTHING that your machine has access to.
And if your machine has access to other internal systems - which is very likely - the SaaS provider now also has FULL access to that.
With the tunnel you have essentially removed the firewall between your corporate network and the SaaS provider. The SaaS provider has full access to everything that you have access to.
In case this is too risky for your organization and to find out more about running tests securely and fully contained inside your own environment please contact us at Element34 Solutions.
Top comments (0)