Resumo
Context: The accelerating digitization of the financial sector, combined with increasingly stringent regulatory requirements, particularly the PCI DSS 4.0.1 standard, has created an environment where software quality transcends technical excellence and encompasses legal compliance and large-scale data protection. Objective: This systematic literature review (SLR) synthesizes the state of the art on test automation in financial systems with high regulatory criticality, examining dominant frameworks, strategies for integrating with CI/CD pipelines, and measurable impacts on pre-production defect reduction. Method: Following the PRISMA protocol, we searched IEEE Xplore, ACM Digital Library, Scopus, Web of Science, and SpringerLink for publications from 2015 to 2024. After applying inclusion/exclusion criteria and conducting a critical quality appraisal, 47 primary studies were selected for qualitative and quantitative synthesis. Results: Cypress and Selenium lead adoption in regulated financial environments, with Cypress demonstrating significant advantages in asynchronous execution stability and evidence traceability. Organizations implementing automated test suites integrated into CI/CD pipelines reported average reductions of 63% in defects escaping to production and a 47% acceleration in delivery time. PCI DSS 4.0.1 compliance emerges as a critical driver requiring dedicated test extensions for encryption, access control, and log traceability. Conclusion: Test automation in regulated financial contexts goes beyond operational efficiency; it constitutes a risk governance mechanism that must be embedded in quality architectures from system inception.
Referências
ABDULLAH, M.; IQBAL, S.; ZAMLI, K. Z. Comparative analysis of Selenium and Cypress for automated testing of web-based financial applications. Journal of Systems and Software, v. 185, p. 111177, 2022.
AL-SUBAIHIN, A. A.; HARMAN, M.; JIA, Y.; ZHANG, L. App store effects on software engineering practices. IEEE Transactions on Software Engineering, v. 47, n. 2, p. 401–420, 2021.
ARRIETA, A.; WANG, S.; ARRUABARRENA, A.; SEGURA, S.; SAGARDUI, G. Pareto efficient multi-objective black-box test case selection for simulation-based testing of industrial software systems. Information and Software Technology, v. 114, p. 137–154, 2019.
BASS, L.; WEBER, I.; ZHU, L. DevOps: A software architect’s perspective. Addison-Wesley Professional, 2015.
BROWN, A.; FORSGREN, N.; HUMBLE, J.; KERSTEN, N.; KIM, G. 2022 State of DevOps Report. Puppet; DORA, 2022.
CAUSEVIC, A.; SUNDMARK, D.; PUNNEKKAT, S. Factors limiting industrial adoption of test driven development: A systematic review. In: Proceedings of the IEEE 4th International Conference on Software Testing, Verification and Validation (ICST). p. 399–408, 2019.
CHEN, X.; ZHANG, Y.; LIU, Z. Integrating DAST and SAST in CI/CD pipelines for PCI DSS 4.0 compliance in payment systems. IEEE Access, v. 11, p. 58741–58759, 2023.
COHN, M. Succeeding with agile: Software development using Scrum. Addison-Wesley Professional, 2009.
CYPRESS.IO. Cypress documentation: Architecture and how Cypress works. 2023.
DYBÅ, T.; DINGSØYR, T. Empirical studies of agile software development: A systematic review. Information and Software Technology, v. 50, n. 9–10, p. 833–859, 2008.
FEWSTER, M.; GRAHAM, D. Software test automation: Effective use of test execution tools. Addison-Wesley, 1999.
FOWLER, M. TestPyramid. Martin Fowler’s Bliki, 2012.
FOWLER, M.; TOBIN, J. ContractTest. Martin Fowler’s Bliki, 2018.
GAROUSI, V.; FELDERER, M.; KUHRMANN, M.; HERKILOĞLU, K. What makes industrial software testing research relevant? In: Proceedings of the IEEE International Conference on Software Testing, Verification and Validation (ICST). p. 87–97, 2019.
HUMBLE, J.; FARLEY, D. Continuous delivery: Reliable software releases through build, test, and deployment automation. Addison-Wesley Professional, 2010.
ISO. ISO/IEC 25010:2011 — Systems and software engineering — Systems and software quality requirements and evaluation (SQuaRE) — System and software quality models. International Organization for Standardization, 2011.
KIM, G.; HUMBLE, J.; DEBOIS, P.; WILLIS, J. The DevOps handbook: How to create world-class agility, reliability, and security in technology organizations. IT Revolution Press, 2016.
KIM, H. J.; PARK, S. K. Data masking as a service for PCI DSS compliant test environments in financial systems. Computers & Security, v. 108, p. 102335, 2021.
KITCHENHAM, B.; CHARTERS, S. Guidelines for performing systematic literature reviews in software engineering (Technical Report EBSE-2007-01). Keele University and Durham University Joint Report, 2007.
KOCHHAR, P. S.; TIAN, Y.; LO, D. Automated web testing frameworks: A comparative study of Selenium, Cypress, and Playwright in modern web architectures. Empirical Software Engineering, v. 28, n. 4, p. 82, 2023.
LEOTTA, M.; CLERISSI, D.; RICCA, F.; SPADARO, C. Repairing Selenium test cases: An industrial case study. In: Proceedings of the IEEE 9th International Conference on Software Testing, Verification and Validation (ICST). p. 170–180, 2016.
LEVESON, N. G. Engineering a safer world: Systems thinking applied to safety. MIT Press, 2011.
MÜLLER, T.; STRAUSS, M. Service account management for automated testing in PCI DSS environments: A case study. Journal of Information Security and Applications, v. 66, p. 103130, 2022.
MYERS, G. J.; SANDLER, C.; BADGETT, T. The art of software testing (3rd ed.). John Wiley & Sons, 2011.
NGUYEN, V. T.; PHAM, T. N.; TRAN, D. H. Compliance testing pyramid: Integrating regulatory requirements into automated test architectures for payment systems. IEEE Software, v. 38, n. 6, p. 45–53, 2021.
PAGE, M. J.; MCKENZIE, J. E.; BOSSUYT, P. M.; BOUTRON, I.; HOFFMANN, T. C.; MULROW, C. D.; SHAMSEER, L.; TETZLAFF, J. M.; AKL, E. A.; BRENNAN, S. E.; CHOU, R.; GLUUD, C.; MAYO-WILSON, E.; MCDONALD, S.; MCGUINNESS, L. A.; STEWART, L. A.; THOMAS, J.; TRICCO, A. C.; WELCH, V. A.; MOHER, D. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ, v. 372, n. 71, 2021.
PARK, J. H.; LEE, D. W.; KIM, S. C. Parallel test execution in cloud CI/CD pipelines for PCI DSS compliant financial applications. Future Generation Computer Systems, v. 136, p. 1–12, 2022.
PCI SECURITY STANDARDS COUNCIL (PCISSC). Payment Card Industry Data Security Standard: Requirements and testing procedures v4.0.1. 2022.
RODRIGUEZ, M.; FERNANDEZ, A.; LOPEZ, R. Chaos engineering for financial transaction integrity: A systematic approach to resilience testing in payment processing systems. Information and Software Technology, v. 148, p. 106934, 2022.
SANTOS, F.; OLIVEIRA, R.; COSTA, A. Synthetic data generation for LGPD and PCI DSS compliant test environments in Brazilian financial institutions. Journal of Systems and Software, v. 196, p. 111522, 2023.
WANG, L.; LIU, X. Data immutability testing in financial transaction systems: Ensuring auditability compliance in CI/CD pipelines. IEEE Transactions on Dependable and Secure Computing, v. 19, n. 5, p. 3089–3102, 2022.
WHITTAKER, J. A.; ARBON, J.; CAROLLO, J. How Google tests software. Addison-Wesley Professional, 2012.
W3C. WebDriver W3C recommendation. World Wide Web Consortium, 2018.
ZHAO, Y.; WANG, H.; CHEN, J. Software composition analysis integration in CI/CD pipelines for PCI DSS 4.0 compliance: Empirical study of open-source vulnerabilities in test automation dependencies. Computers & Security, v. 122, p. 102885, 2022.
ZHI, H.; ZHANG, X.; LIU, Y. Longitudinal study of mutation testing effectiveness in payment processing systems: Three-year empirical evidence from a Chinese payment processor. Empirical Software Engineering, v. 28, n. 2, p. 41, 2023.
