Why you should combine Performance and Security Testing
Short turnaround cycles are more important than ever before.
New business requirements must be implemented within weeks to address upcoming trends and maximize return on investment quickly. While development time for such fast-line projects can hardly be shortened, test duration is typically reduced to the absolute minimum.
However, based on my experience you should choose a risk-based testing approach and tailor your testing strategy to risk reduction. Depending on the data being used by your application, functionality, security and performance need to be tested prior deployment on production.
Automated regression tests will help to reduce risk in the core business functionality. Performance engineers should analyze communication patterns and verify response time requirements. I recommend teaching your non-functional testing specialists to focus also on security concerns such as plain text passwords being sent in request parameters or forbidden external links being called from your application.
Keeping this in mind, performance testers will kill two birds with one stone.