Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Performance Testers Secure IT | @DevOpsSummit #APM #DevOps #Microservices
The most important thing to think about is protecting personally identifiable information

Don't Feel Insecure! How Performance Testers Can Help Protect and Secure IT

Have you heard all the buzz about the latest security breach at the Office of Personnel Management? It has caused many government workers a lot of stress - and with good reason. The personal information of more than 21 million people is now in the hands of hackers. If you've worked for the government, or had a government background check in the last 15 years, you've probably been affected.

It's a big deal, yet also just the latest in a string of high-profile identity theft cases. Remember the Target fiasco from December 2013? It was the largest retail hack in history, affecting a whopping110 million people. They only just reached a settlement to create a $10 million fund for hacking victims. This all goes to show that, while security technology continues to improve, so do hackers. It's been a trend for quite some time.

Here's why: there is great profit in hacking. Rather than putting their skills towards the overall good, some hackers spend their time, energy and talent plotting how to get rich quick off of the misery of others. You can never be too careful. Security is on everyone's mind. Not too long ago, we talked about how beefed up security impacts load testing and we want to continue the conversation. How do you keep yourself and your company safe in the age of industrial and state-sponsored hacking?

Here are a few things you must know.

Don't Take It Personally: Protect Sensitive Information
When it comes to performance testing, the most important thing to think about is protecting personally identifiable information. If it falls into the wrong hands, we know what happens. You also need to be conscious of opening holes that allow hackers to get into the network and steal personal information. Follow your corporate standards and policies for security, as well as common best practices for strong passwords. Don't take shortcuts, as tempting as it can be. Keep these tips in mind when focusing on security:

1) Always Use Dummy Data for Testing Purposes
Never scrape names or credit card numbers from real users on your website and use them to create a bunch of scripts that test load and performance. All personal information used for load testing should be dummy data and not even remotely identifiable. That doesn't just mean eliminate names. Identities can be exposed even from metadata. Instead, invest in a dummy data generator. Be smart, and treat customer data as if it were your own.

2) Play It Smart in the Cloud
Companies tend to be more cautious when operating in the cloud. Conducting load testing from the public cloud is a great idea, but just make sure that you do it right. Remember, cloud based companies spend a lot of money on security and have entire teams monitoring security infrastructure all the time, and they probably have better resources at their disposal than you do. However, it's always a good rule of thumb to make sure that sensitive data never leaves the machines it was intended for. So keep that information out of the cloud when doing performance testing.

3) Communicate with Your Operations and Security Teams
If you conduct lowd testing from the cloud, work with your operations team to make sure that they know where your traffic will be coming from. Think about how they would react upon seeing a lot of network requests coming from cloud servers across the world. They may think it's a DDoS attack when in fact it's just your cloud-based load generators operating an organized test. They could accidentally do something that messes up your test and ruins hours of data gathering and monitoring. Don't distract them from their real job of finding and stopping the bad guys. Focus on working with them to put proper controls and identification parameters in place.

4) Control Any Public Tests
You will often need to test new software for performance with real users on live systems. This is often done publicly as part of a public beta or as an A/B test. Any public beta software should be shut down when no longer in use as these tests may not be fully vetted from a security perspective. Keep exposure brief and monitor it closely. When the test is complete, remove access instantly. You don't want a security hole to be discovered in temporary software that's a year old and not in use. For hackers, that looks like a pretty tempting access channel.

5) Keep All Software Patched and up to Date
Bring anything public-facing to the attention of your security team. They have processes to monitor software, update it, and control the environment. Check regularly for out-of-date apps that may contain active vulnerabilities, as unpatched software is one of the easiest ways for hackers to gain access to your systems.

Security First and Always
With all the recent hacks and security breaches, just discussing your security plan can be intimidating enough to put it off. Remember that the secret to security in performance testing is in the planning. With these tips in mind, you'll be well on your way to developing a security plan that protects the personal data of your company and users.

Photo: Pixabay

About Tim Hinds
Tim Hinds is the Product Marketing Manager for NeoLoad at Neotys. He has a background in Agile software development, Scrum, Kanban, Continuous Integration, Continuous Delivery, and Continuous Testing practices.

Previously, Tim was Product Marketing Manager at AccuRev, a company acquired by Micro Focus, where he worked with software configuration management, issue tracking, Agile project management, continuous integration, workflow automation, and distributed version control systems.

Latest Cloud Developer Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions n...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructur...
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mis...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performa...
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE