Comentários do leitor

Security Testing - The All Important Underpinning For Businesses

"Rosella Coombe" (2019-11-25)


4 months agoA single act of data theft can ruin all that in a matter of hours or days leaving the company bruised and many-a-times impossible to recover. To avoid such unforeseen dire scenarios security testing of products and systems producing those products should be made mandatory. Moreover, as cyber criminals are finding newer ways of breaching the firewall it is incumbent upon enterprises to update their software security testing mechanisms from time to time in order to safeguard their assets and reputation from the probable next breach.

As the interconnected digital world envelops almost every sphere of our lives - be it in homes, banks, retail, healthcare, travel, entertainment, and 랜섬웨어 토렌트 many more, making our lives easy, the threat of cyber crime involving data theft looms large. Not a day passes when news reports do not show individuals and enterprises falling victim to such crimes. The resultant losses due to such crimes in terms of money, trust, and brand value are staggering indeed.

Given that the future will be increasingly dictated by IT or related ecosystems such as IoT, it becomes important for everyone - individuals, companies, and governments to not only be aware of the threats, but also put in place robust data security measures. In fact, considerations of cutting costs should not come in the way of building such security measures for any laxity on this count can lead to catastrophic outcomes.

To prevent enterprises from falling prey to data breach security testing of systems, applications, and products should be carried out by identifying the vulnerabilities or flaws in the existing security set up. The imperative of such a testing has grown manifold as online transactions have become the order of the day and incidences of data thefts can lead to:


Erosion of customers' faith in the brand or product

Financial loss to the company owing to compensating customers and meeting other penal requirements

Recovery cost for reshaping and rebuilding the security paraphernalia
The types of threats can vary - from innocuous to lethal


SQL Injection

Unauthorised entry into a secured system

Identity theft

Hacking of passwords

Threat of Cross Site Scripting

Denying legitimate users of services
Security testing experts have their tasks cut out while approaching software security testing.

Risk Assessment: The objectives of business, the product range, needs and product usage patterns of clientele or end customers should be studied and areas where data breach can occur should be identified.

Identification of types of threat: Apart from identifying vulnerabilities in the system a threat profile should be made where types of threat like SQL Injection, XSS, and Identify theft etc., are to be defined.

Simulation of threats: The best way to identify vulnerabilities in the system is to attack the system for data breach.

Analysing applications to be tested: The requirements of applications undergoing software security testing should be kept in place. These include information related to the system, network, operating system and hardware.

Identification of security tools: Besides setting up of manual security modules, automatic security testing tools should be used as well. These are Browser Exploitation Framework, Brakeman, Flawfinder, Wireshark, Vega etc.

Retest the fixes: Once the software security testing gets carried out and flaws are fixed, they should be retested for any underlying vulnerability.

Conclusion: Security testing should not be a one time activity, as online threats come in new avatars. Hence, enterprises must always be on guard to prevent the next breach.

Michael works for Cigniti Technologies, which is the world's first Independent Software Testing Services Company to be appraised at CMMI-SVC v1.3, Maturity Level 5, and an ISO 9001:2008