Electric Power Finland Oy specializes in demanding tasks related to electricity distribution, testing, commissioning, railway work, and substation construction. EPF also provides expertise in the field. The company serves clients across Finland, including power plants, energy companies, hospitals, industrial facilities, data centers, ports, and railway infrastructure. Prove conducted both security testing and investigative testing on Electric Power Finland Oy's web-based prototype of the EROCS application.
EROCS, or EPF Railway Online Controlling System, is designed to streamline the control of train switches in private railway yards. The product is intended for train drivers who can use mobile devices to control train switches without leaving the train for manual switch operation. This enables train drivers to easily manage the route and plan a faster and more efficient journey. EROCS was developed as part of a project funded by Business Finland.
A Security Certificate is Crucial for Continued Marketing
Heikki Niemelä, the main designer of EROCS and a software designer at EPF, mentions that the security testing of the application focused on the user interface. In security testing, Prove's testers attempted actions such as unauthorized access to the system using incorrect credentials and probing for additional information.
"In investigative testing, testers executed various usage scenarios that we hadn't considered in the project. They performed tests physically in our office with a switch operator, attempting to make the system work in unintended ways. This is where the true value of an external tester, who understands the system broadly and can identify potential security gaps, vulnerabilities, or usability issues, comes in," Niemelä explains.
"An external tester always extracts more value than an in-house one."
External testing was not initially a project requirement, but Niemelä, based on experience, knew the clear benefits for the client in having an external party conduct the testing.
"An external tester always extracts more value than an in-house one. Moreover, when working in the railway industry, it's essential to obtain a security certificate from testing. It is crucial for continued marketing," Niemelä states.
From a security perspective, EROCS was found to be a robust solution, with a few typical prototype issues that needed fixing. In investigative testing, a few bugs were discovered, known to exist but left unaddressed for strategic reasons. Additionally, the testing provided improvement suggestions and initial user experiences.
"There was no immediate danger based on the testing results. However, after making the necessary corrections and further development, a retesting round will be required," Niemelä says.
Prove's testing process is easy and painless for the customer
Kia Tupitsa, a project assistant in the EROCS product development project, observed the testing process with interest. Although she studies computer science, she had not gained practical experience in testing.
"I had a general idea of how things work, but now I saw it with my own eyes and learned a lot. It was also nice to notice that the collaboration worked well. Testers were enthusiastic about testing. Of course, I don't have a basis for comparison on how things go if it's poorly handled," Tupitsa says.
"It's usually a bit more painful," Niemelä adds. "Testing is generally much more time-consuming. However, with Prove, the testing process was very smooth. Throughout the whole process, there was only one problem, and that was due to the operator."
Both Tupitsa and Niemelä also commend the effective communication of Prove's team and recommend Prove's services to those involved in product development and self-maintaining product development.
"You need to have something concrete to test and precisely that foundation to experiment with, Prove works very well in that regard," concludes Niemelä.