How to Automate SaaS and Low-Code Application QA Testing

Quality assurance automation engineers test applications developed in-house, from legacy monolithic applications to cloud-native applications that leverage microservices. Typical mission-critical applications require unit testing and code reviews at the code level, API testing, automated user experience testing, security testing, and performance testing. Best devops practice is to automate the execution of these tests and then select the optimal subset for continuous testing within a continuous integration and delivery (CI/CD) pipeline.
ⓒ Getty Images Bank

But how do we deal with applications and workflows, integrations, data visualizations, and user experiences made up of software-as-a-service (SaaS) platforms or low-code development tools or no-code platforms that empower citizen developers to develop? Does the fact that little or no code is used allow workflows to function as needed, data processing to corporate requirements, security configurations to company policies, and performance to meet user expectations?

This question reminds me of my high school calculus teacher. The teacher said, “Simply making assumptions makes me and you laugh.” If we apply this word to the case of SaaS, low code, and no code, if we vaguely assume that the app will work as requested without a test plan, it can lead to the following problems.

• Stakeholders may experience embarrassing situations as a result of unexpected results
• Create security holes exposing data to the public or to employees who do not have access to it.
• Data issues that can propagate to other integration workflows and customer experiences
• Performance issues when scaling applications to large numbers of users and larger data sets
• IT department dissatisfaction with application rebuild and solution development instructions

So, what to test? How can you test these apps without access to the underlying source code? Where should IT prioritize testing, especially given the shortage of QA engineers in many devops organizations?

Some experts have answered this question.

You should start with defining and implementing agile acceptance tests.

LaunchDarkly CTO John Kodumal emphasized that acceptance testing should be applied to all applications supported by IT, not just those that require software development. “In a typical SaaS model, the development department does acceptance testing as part of the release testing process,” says Kodumel.

Defining business and user acceptance tests is an important starting point. This is because most SaaS and low-code/no-code applications require configuration and implementation can follow Scrum or other agile methodologies. The agile approach involves writing requirements as user stories with documented acceptance criteria. Agile departments must manage the agile user stories, such as the small functional contracts and non-functional requirements of the enterprise.

Defining acceptance criteria is an important first step. Even for SaaS applications that require no coding or only limited configuration, you should follow these steps.

But suppose the IT department is not responsible for defining acceptance criteria and automating tests. In this case, the lack of testing creates a risk, or the business unit takes over the testing. In either case, the situation is not very good. IT departments should be responsible for driving implementation, including testing functions.

Low code/no code requires business logic testing

The low-code/no-code platform provides a layer of abstraction and simplifies the process of developing, supporting, and improving applications. But even with such a platform, you still have to code business logic, configure workflows, define data processing rules, and choose access roles. Although the platform simplifies the task, there is also the risk that the developer may implement the logic incorrectly or have no idea how exactly to meet the requirements on a low-code/no-code platform.

Kodumal adds that testing imposes two additional responsibilities. “Testing low-code solutions focuses on testing two things. One is to test the business logic expressed by the low-code user, and the other is to test the proper operation of the structure supporting the low-code solution. These two types of testing ensure that the application is performing up to end-user expectations.”

You can test your business logic using tools that capture user interactions through the browser and automate these flow tests. Testing the infrastructure may require a review of data models, permissions, forms, reports, and automation to ensure that they meet standards and pose no risk.

“An effective way to test SaaS and low-code applications is to perform basic input and output validation,” said Andrew Clark, CTO, Monitaur. “You have to create a matrix of key events and actions that the system must perform, set up test cases to verify that the system is behaving as expected.”

Rosaria Sillipo, head of data science evangelism at KNIME, goes a step further, arguing that no-code/low-code applications should follow similar testing standards. “Low-code applications should be accompanied by their own set of tests that follow the same guidelines as code-based applications, such as unit tests, golden tables, and graceful shutdown,” says Sillipo. “Building a web service with no failure code to respond to in the event of an error or a web application with no graceful shutdown is just as unprofessional as a code-based application.”

Using a low-code testing platform and machine learning

Although developing with low-code/no-code speeds up the development process and makes improvements easier, devops departments still have to do testing and configuration reviews.

The good news is that QA engineers can develop their tests with a low-code test platform. “In low-code testing, the process of writing and maintaining test scripts using advanced AI/ML techniques is done by machines,” said Ram Shanmugam, CEO, AutonomIQ, Sauce Labs. This can save a lot of time and money, and it also reduces reliance on automation engineers by allowing typical developers, even non-developers, to create test automation scripts. Ultimately, testers can now focus on the business requirements of the software and ensure that user intent is preserved.”

How low-code and SaaS platforms automate testing

Can user experience and business logic, data processing, and configuration testing of SaaS or low-code applications be sufficient to verify quality, reliability, and security?

Overall quality also depends on how low-code platforms or SaaS vendors test their technologies and manage the underlying cloud services and infrastructure. Most platform vendors publish security certifications such as ISO, SOC, GDPR, PCI, and FedRamp, service levels, and proof of compliance. Major vendors also publish release schedules, release notes, known defects, service level history, and webpage access to check uptime status. However, few vendors provide details on architectures, development standards, and test methods.

I spoke with Martin Laporte, vice president of research and development at Coveo, about how to test and deploy it. “In a world where SaaS platform components are updated multiple times a day, observability is key to detecting changes such as increased error rates or fluctuating response times,” Raport said. Whenever an anomaly is detected, the rollout should be aborted and an automatic rollback to the previous healthy version should occur.”

These are tough criteria for how often to deploy and how to test, and what to look for when looking for SaaS and low-code platforms. This level of testing, complemented by the development department’s test automation efforts, helps to lower the risk of deployment, especially for applications that require high reliability. [email protected]

Source: ITWorld Korea by

*The article has been translated based on the content of ITWorld Korea by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!