Isn't testing of enterprise apps focused on functionality?

This is a learning type question, not about a specific problem at work.

The environment is testing of enterprise apps like SAP. This could be a bank, utility, telecom company which uses enterprise apps. There are business processes. Letโ€™s also assume SaaS app, so we donโ€™t need to worry about install or environment. In that case, a large part of the effort is on the business processes and making sure they work. So the focus is largely on defined functionality?

When replying, let me know if you have worked in such an environment or not.

This is not about developing software products like SAP.


My short answer is no.

Years ago I was a test coordinator of performance tests in the banking sector and transport sector. A bad performance could have a huge impact on the whole system. Sox and other compliancy rules would directly have personal consequences for the higher management.

In a healthcare company I had a target to find security issues. I found several ones. There are all kinds of privacy and healthcare regulations which had to be taken into account.

Nowadays SaaS (Software as a Service) or Low Code development (Coding mostly using form dialogs instead of programming language like Java) are used in more places. In one case I could manipulate the audit log. Because of a NDA, Non Disclosure Agreement, I cannot name the sector. In any way this issue should be addressed in all sectors.

A while ago I wrote a blog post about this security issue. All references to real companies have been changed. XML Injection For Beginners | Mindful tester