Security Testing – Beware Of The Risks And Prevent Catastrophe
When it comes to software development, security testing should be taken seriously.
Adobe found this out the hard way in 2013, when one of the biggest hacks in history resulted in the loss of 153 million account details. Hacked information included usernames, email addresses, credit card details, and encrypted passwords. Analysis showed Adobe had been using some questionable encryption techniques, particularly where passwords were concerned. Passwords shouldn't be encrypted; instead, they should be 'hashed' and 'salted' (an explanation for that here). If Adobe had, perhaps, adequately tested for security flaws in its software, this data breach wouldn't have made for such damaging global headlines.
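To make the "hashed and salted" point concrete, here is an added example (not from the original article) showing why a per-password salt matters: with any unsalted, deterministic scheme, accounts that reuse a password end up with identical stored values, while salted hashes do not. It uses PBKDF2-HMAC-SHA256 from Python's standard library as one salted, slow hash; the function names, the iteration count and the sample accounts are assumptions made for this illustration, and the unsalted SHA-256 function is only a stand-in for a deterministic scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware
SALT_LEN = 16


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-password random salt."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def deterministic_store(password):
    """Stand-in for any unsalted, deterministic scheme: same input, same stored value."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def accounts_sharing_a_value(table):
    """Count accounts whose stored value also appears on another account."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sum(len(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts; two of them reuse the same password.
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: deterministic_store(p) for u, p in SAMPLE.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("deterministic, accounts exposed as sharing:", accounts_sharing_a_value(weak))
    print("salted, accounts exposed as sharing:", accounts_sharing_a_value(strong))
    salt, digest = strong["alice"]
    print("alice verifies:", verify_password("correct horse", salt, digest))
```

The salt is stored next to the digest; it does not need to be secret, only unique per password.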
So what is security testing?
Security testing is where testers check an application or software product using specialised tools and manual penetration techniques to identify whether it’s secure or not. It's about making sure that in the event of a malicious attack, your product is covered. Security testing helps to identify if your product is vulnerable to attacks or whether it's easy for people to hack into your system and breach your data. Putting security testing measures in place helps to determine if your product protects its data, while also functioning as intended.
Why security testing and risk management are important
Failing to properly test the security of your software can open up both your software and business to huge risks. Depending on the nature of your business or product, you could experience a huge number of attacks on, or breaches of, your software. Data could be lost or stolen. Hackers could find their way into your software. Or unauthorised users could gain access to confidential areas of your product. Worse still, you could experience system-wide security failures.
These risks, when realised, can result in lost revenue, customer dissatisfaction, data inconsistencies, or even legal issues.
In my full article, I outline the six key security areas that may require testing. I identify other security measures that could help protect your software product. Finally, I look at how crowdsourced testing can help mitigate these risks.