WHITEPAPER
May 14, 2018 / Whitepaper / by GB Tech
The number of conscious companies increases every year, with the trend even impacting how business takes place. Many people have looked at the results of the popular business philosophy that calls for profit above all else, and have decided the pendulum needs to swing back.
In other words, it’s becoming more important for companies to be extremely conscious of the impact their actions have on business and society.
And, as a result, secure application development is now more important than ever before. With the number of security breaches on the rise, and hackers working harder to access the growing amounts of private information stored online, developers must take security testing seriously on every project.
IS IT ETHICAL TO DELIVER APPLICATIONS WITHOUT EFFECTIVE SECURITY TESTING?
In today’s hackable environment, secure software application development – or lack thereof – raises an ethical question. The consequences of poor software security bring this issue into sharp focus.
- In 2017, IBM sponsored the 12th annual Cost of Data Breach Study conducted by Ponemon Institute. Globally, the study found that the cost of a data breach dropped 10 percent from its 2016 level, yet the cost of a data breach in the U.S. rose 5 percent to $7.35 million. The study's figures include the costs of responding to the breach, damage to reputation and lost business.
- Companies of all sizes are not only vulnerable, but in jeopardy. SMBs sometimes assume that only large corporations need to worry about data breaches.
“Hackers have already attacked half of the 28 million small businesses in the U.S.”
– CNBC
- The number of municipal, state and federal government attacks is growing. For example, a ransomware attack in March 2018 disrupted several critical services in the city of Atlanta, including the judicial system and police department.
- The Equifax data breach in 2017 has continued to grow in severity. Some of the latest numbers indicate that the massive breach impacted roughly half the U.S. population, or 147.9 million consumers. There’s little disagreement about whether consumer confidence in Equifax has taken a huge plunge.
- The European Union is starting enforcement of its General Data Protection Regulation (GDPR) in May 2018. It will have a long-term impact on data security issues around the world. Companies are scrambling to update their data security and privacy policies and to ensure their systems align with the new Regulation.
Given the problems that continue to occur, no software developer can ignore the repercussions of less-than-stellar security for both themselves and their clients.
TYPES OF SECURITY TESTING
Fundamentally, you need to do software security testing from seven different perspectives. Each type of testing is designed to address specific security risks.
Risk Assessments: Risk assessments identify the risks that could affect a project or system. The assessment is intended to 1) identify the risk, 2) determine how to reduce the impact of the risk, 3) reduce the likelihood of the risk occurring, and 4) monitor risks on an ongoing basis.
Security Scanning: This process focuses on identifying network and system weaknesses and developing solutions to reduce the risks.
Vulnerability Scanning: This test uses automated software to scan a system to find known vulnerability signatures. It also implements fixes to eliminate the vulnerabilities.
“62% of the businesses have apps or are in the process of building one”
– Small Business Trends
Penetration Scanning: Penetration scanning takes finding vulnerabilities to a higher level. Rather than stopping upon the discovery of vulnerabilities, the penetration tester will exploit the vulnerability to discover how a hacker could take control of the system.
Ethical Hacking: Testers attempt to penetrate the applications and systems in the same manner a criminal hacker might try.
Security Auditing: Regular auditing of applications and systems works to identify security flaws.
Posture Assessment: This term refers to the use of scans, ethical hacking and risk assessments to illustrate an organization’s overall software and system security posture.
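To make the "Vulnerability Scanning" entry above concrete, here is an added example (not code from the GB Tech whitepaper) of the core of a signature-based scan: a constructed software inventory is matched against constructed advisory signatures that name an affected version range. The advisory identifiers (EXAMPLE-0001, EXAMPLE-0002), package names and version numbers are all made up for illustration. The example also handles the edge case that trips up naive scanners, comparing version strings lexically instead of numerically.

```python
# Added example, not part of the GB Tech whitepaper: a minimal signature-based
# vulnerability scan of the kind described under "Vulnerability Scanning".
# All advisory ids, package names and version ranges below are constructed.
import re
from typing import Dict, List, Tuple

# Constructed signatures: which versions of a package are affected.
# "introduced" is inclusive, "fixed" is exclusive (the first patched release).
SIGNATURES = [
    {"id": "EXAMPLE-0001", "package": "libexample",
     "introduced": "1.0.0", "fixed": "1.10.2", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "webfw",
     "introduced": "2.0.0", "fixed": "2.4.0", "severity": "critical"},
]

# Constructed inventory: host -> list of (package, installed version).
INVENTORY: Dict[str, List[Tuple[str, str]]] = {
    "host-a": [("libexample", "1.9.3"), ("webfw", "2.4.0"), ("util", "0.3")],
    "host-b": [("libexample", "1.10.2"), ("webfw", "2.3.9")],
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(version: str, width: int = 3) -> Tuple[int, ...]:
    """Convert '1.10.2' to (1, 10, 2) so comparisons are numeric.

    Comparing version strings lexically is a classic scanner bug:
    '1.9.3' < '1.10.2' is False as strings but True numerically.
    Shorter versions are zero-padded so '1.10' compares equal to '1.10.0'.
    A pre-release suffix is ignored ('2.4.0rc1' compares as 2.4.0); a
    production scanner needs proper pre-release ordering on top of this.
    """
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    parts.extend([0] * (width - len(parts)))
    return tuple(parts[:width])


def is_affected(installed: str, sig: dict) -> bool:
    """True when the installed version lies in [introduced, fixed)."""
    v = parse_version(installed)
    return parse_version(sig["introduced"]) <= v < parse_version(sig["fixed"])


def scan(inventory: Dict[str, List[Tuple[str, str]]],
         signatures: List[dict]) -> List[dict]:
    """Match every installed package against every signature.

    Returns one finding per (host, package, signature) hit, most severe first.
    """
    findings = []
    for host, packages in inventory.items():
        for package, version in packages:
            for sig in signatures:
                if sig["package"] == package and is_affected(version, sig):
                    findings.append({"host": host, "package": package,
                                     "version": version, "id": sig["id"],
                                     "severity": sig["severity"],
                                     "fixed_in": sig["fixed"]})
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["host"]))
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per severity, the figure a risk assessment starts from."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def report(findings: List[dict]) -> List[str]:
    """Human-readable lines, one per finding, including the fixed-in version."""
    return [f"{f['severity'].upper():8} {f['host']}: {f['package']} "
            f"{f['version']} affected by {f['id']} (fixed in {f['fixed_in']})"
            for f in findings]


if __name__ == "__main__":
    for line in report(scan(INVENTORY, SIGNATURES)):
        print(line)
```

Note what the scan does and does not do: it reports the two hosts running an affected version and names the release that fixes each finding, but applying the fix is a separate change-management step, which is why the output carries the fixed-in version rather than attempting any remediation itself.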
THE ADVANTAGES OF SOFTWARE TESTING AS A SERVICE
Companies that provide software testing as a service help their clients by providing the type of focus on software security that’s required in today’s environment. Putting specialists to work for your security testing provides a number of benefits.
The Advantage of a Fresh Perspective: It’s difficult for developers to spot security flaws in their own work. Additionally, specialists may be able to identify the critical security features you overlooked in the flurry of development.
Access to the Latest Approaches: Testing specialists focus on staying up-to-date with the latest security testing technologies and techniques. The quality of the software that results from this type of testing is typically higher than when multitasking developers do their own testing.
Unbiased Test Results: Testing specialists look at the software from a completely different perspective. Their judgment isn't colored by knowing the history of the development effort. It's the best way to get unbiased and accurate test results.
Cost Reduction: Hiring and maintaining a talented software testing team represents a significant investment for any company. Software testing as a service gives your team the opportunity to stay focused on your core competencies and still meet tight deadlines.
WHERE DO YOU STAND?
Whether to produce secure applications is a choice every organization must make. There are many security risks. However, there are also many things you can do to ensure the quality and security of the applications you develop.
If you’re not putting security issues above functional and performance issues, you may be contributing to security breaches in a world already inundated with serious security problems.
Talk to the pros. We can help you ensure complete security within your applications.