Bionic Uncensored Ep #2

Bionic Air: Component vs Holistic Testing

Bionic Air

You’re probably thinking, “What the heck is Bionic Air? Why is there an airplane?”

I was talking to someone the other day, and they gave me kind of an interesting point of view associated with what Bionic is doing for teams. The airplane is going to be used as an analogy.

Airplane Analogy

When an airplane manufacturer builds an airplane, they test each component of the airplane individually.

They focus on: 

  • How the landing gear works as an entity
  • How the cockpit controls work as an entity
  • How the slats and rudder all work independently

They ensure that all of these parts individually work correctly. But then, the test pilot is responsible for testing the whole operation of the airplane itself.

Application Context

Thinking about our airplane analogy and putting an application lens on it, applications are typically a function of multiple things happening at the same time. You have a portal, a database, an analytics app, a dispatcher, and a third-party connection via an API.

Just like the airplane engineers, application security teams are focused on testing individual pieces: the dispatcher, the analytics, the connection to the database, the third-party aspects, or the open-source APIs.

However, just like a test pilot taking out an airplane that needs to work all together, application security teams need to focus on the entire ecosystem of the application.

This is a crucial part of application security and is something that is very much missed in organizations today.

Final thought

Much like an airplane, think about testing the whole ecosystem, not just the cockpit controls or the landing gear or the slats or the rudder. Test the interaction, not just the individual component.
