How to decide if you need security testing for your software?
Santhosh Tuppad
Skilled Exploratory Tester, Application Security Expert & Rapid Software Testing Practitioner for Web & Mobile Applications, OWASP Cheat Sheet Contributor, International Keynote Speaker ? ?? ????
Do you hate nightmares? If you do, then please continue reading it as you are possibly one of the target audience for security testing services. Typically, many start-ups or organisations do not test their software for security. Most of the times organisations are only bothered about functional aspects, while; usability & accessibility are used as add-ons (UK, Europe and US customers probably care about a11y). Long ago, there were very few hackers in 90s however, nowadays we have handful of them who always want to breach the security for whatsoever reasons. Irrespective of any reason, as an organisation it is important to safeguard the sensitive data.
I recommend to have mix of tool-assisted and brain-assisted ethical hackers who are always in hunt for security vulnerabilities. It is important to accept the fact that, there cannot be fool-proof secured applications, but better tested applications where testers make a better effort in building a firewall against the hacks from unethical hackers.
Here is a questionnaire for you to decide if you need security testing services,
- Can you afford to lose your customers?
- Can you afford to lose to your competitors?
- Can you afford to have down-time?
- Can you afford to have bad reputation via social media?
- Can you afford to get sued?
- Can you afford to pay hefty amount for hosting for non genuine usage? (Cash overflow attack)
- Can you afford to go out of business based on critical vulnerabilities?
- Can you afford to face the questions by media?
- Can you afford to face lawsuit?
- Can you afford to have negative propaganda about your company / brand?
- Can you afford to compromise with the privacy of your customers data?
If the majority answers were "NO", then you are eligible to get your software tested for security.
Now, I also understand that there could be budget constraints and you may not be able to hire cool security testers for testing your software; but I also believe that there are software testing firms (Example: Test Insane. I can quote only about my start-up because I do not know the rate cards of other software testing firms) who can understand your context and help you to get your software tested for security in the budget you may have. It's always the discussions that help to do better.
And before I put an end to this article, I want to say “If you care about having a happy & peaceful world, it's important to take care of security of your software. Remember, everything is connected and we can contribute to the peace through software by making them secure in good enough mannerâ€.
What do you think?