Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Performance Testers Secure IT | @DevOpsSummit #APM #DevOps #Microservices
The most important thing to think about is protecting personally identifiable information

Don't Feel Insecure! How Performance Testers Can Help Protect and Secure IT

Have you heard all the buzz about the latest security breach at the Office of Personnel Management? It has caused many government workers a lot of stress - and with good reason. The personal information of more than 21 million people is now in the hands of hackers. If you've worked for the government, or had a government background check in the last 15 years, you've probably been affected.

It's a big deal, yet also just the latest in a string of high-profile identity theft cases. Remember the Target fiasco from December 2013? It was the largest retail hack in history, affecting a whopping110 million people. They only just reached a settlement to create a $10 million fund for hacking victims. This all goes to show that, while security technology continues to improve, so do hackers. It's been a trend for quite some time.

Here's why: there is great profit in hacking. Rather than putting their skills towards the overall good, some hackers spend their time, energy and talent plotting how to get rich quick off of the misery of others. You can never be too careful. Security is on everyone's mind. Not too long ago, we talked about how beefed up security impacts load testing and we want to continue the conversation. How do you keep yourself and your company safe in the age of industrial and state-sponsored hacking?

Here are a few things you must know.

Don't Take It Personally: Protect Sensitive Information
When it comes to performance testing, the most important thing to think about is protecting personally identifiable information. If it falls into the wrong hands, we know what happens. You also need to be conscious of opening holes that allow hackers to get into the network and steal personal information. Follow your corporate standards and policies for security, as well as common best practices for strong passwords. Don't take shortcuts, as tempting as it can be. Keep these tips in mind when focusing on security:

1) Always Use Dummy Data for Testing Purposes
Never scrape names or credit card numbers from real users on your website and use them to create a bunch of scripts that test load and performance. All personal information used for load testing should be dummy data and not even remotely identifiable. That doesn't just mean eliminate names. Identities can be exposed even from metadata. Instead, invest in a dummy data generator. Be smart, and treat customer data as if it were your own.

2) Play It Smart in the Cloud
Companies tend to be more cautious when operating in the cloud. Conducting load testing from the public cloud is a great idea, but just make sure that you do it right. Remember, cloud based companies spend a lot of money on security and have entire teams monitoring security infrastructure all the time, and they probably have better resources at their disposal than you do. However, it's always a good rule of thumb to make sure that sensitive data never leaves the machines it was intended for. So keep that information out of the cloud when doing performance testing.

3) Communicate with Your Operations and Security Teams
If you conduct lowd testing from the cloud, work with your operations team to make sure that they know where your traffic will be coming from. Think about how they would react upon seeing a lot of network requests coming from cloud servers across the world. They may think it's a DDoS attack when in fact it's just your cloud-based load generators operating an organized test. They could accidentally do something that messes up your test and ruins hours of data gathering and monitoring. Don't distract them from their real job of finding and stopping the bad guys. Focus on working with them to put proper controls and identification parameters in place.

4) Control Any Public Tests
You will often need to test new software for performance with real users on live systems. This is often done publicly as part of a public beta or as an A/B test. Any public beta software should be shut down when no longer in use as these tests may not be fully vetted from a security perspective. Keep exposure brief and monitor it closely. When the test is complete, remove access instantly. You don't want a security hole to be discovered in temporary software that's a year old and not in use. For hackers, that looks like a pretty tempting access channel.

5) Keep All Software Patched and up to Date
Bring anything public-facing to the attention of your security team. They have processes to monitor software, update it, and control the environment. Check regularly for out-of-date apps that may contain active vulnerabilities, as unpatched software is one of the easiest ways for hackers to gain access to your systems.

Security First and Always
With all the recent hacks and security breaches, just discussing your security plan can be intimidating enough to put it off. Remember that the secret to security in performance testing is in the planning. With these tips in mind, you'll be well on your way to developing a security plan that protects the personal data of your company and users.

Photo: Pixabay

About Tim Hinds
Tim Hinds is the Product Marketing Manager for NeoLoad at Neotys. He has a background in Agile software development, Scrum, Kanban, Continuous Integration, Continuous Delivery, and Continuous Testing practices.

Previously, Tim was Product Marketing Manager at AccuRev, a company acquired by Micro Focus, where he worked with software configuration management, issue tracking, Agile project management, continuous integration, workflow automation, and distributed version control systems.

Latest Cloud Developer Stories
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mo...
The cloud era has reached the stage where it is no longer a question of whether a company should migrate, but when. Enterprises have embraced the outsourcing of where their various applications are stored and who manages them, saving significant investment along the way. Plus, th...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSy...
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compli...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE