Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Testing and Security Measures | @CloudExpo #DevOps #Agile #Cybersecurity
Security testing has always been a top priority for organizations when it comes to implementing technology

How to Address Security Measures While Testing

Cyberthreats have become more sophisticated over the years, improving methods to take advantage of software information and even completely shut down systems to hold data ransom. As a result, developers and testers must be able to ensure that their programs have the necessary protections in place to prevent attacks and keep business information safe. Here are a few tips to help teams address security measures during testing.

1. Designate an expert
Within a team there should be a person delegated to investigate and document all security measures necessary. It's this individual's job to assess requirements facing the industry the app's users operate in. For example, health care has a wide range of strict regulations like HIPAA and other legislation that dictates how patient information should be stored and secured. Nearly every sector must also contend with PCI DSS, a law that helps protect payment card information and financial data. Since most organizations accept credit and debit cards, this regulation is the most widespread.

However, it's not enough to have just one expert. TechTarget contributor John Overbaugh noted that all team members must be educated on these security needs in order to test effectively. Once team members have a better understanding of what to expect, they will be able to strategize on how to better address protection requirements using agile testing methodologies.

"The test manager plays one other important role in ensuring security measures are followed," Overbaugh wrote. "This role is to encourage, enforce and pattern compliance with internal security guidelines both of the company as well as guidelines given by the company's customers. Security is everyone's responsibility, but managers carry the duty to be examples to their teams and to ensure their teams follow security requirements."

2. Simulate attacks
As noted earlier, there's a wide variety of attacks that an organization may experience, but QA teams can prepare for these events by simulating these threats. If a known strain of malware is rising up, for example, testers should evaluate their app against this threat in a secure environment. Although real-world situations may not proceed the same way, exploratory testing can reveal a significant amount of information concerning what areas go down first and how well the app responds to certain stressors.

It's virtually impossible to plan for everything or to foresee the types of sophisticated attacks on the horizon, but it's still worth it to simulate known and emerging attacks to understand your vulnerabilities. Security Innovation Europe's Alan Pearson suggested using static and dynamic testing tools to improve security by weeding out false positives and identifying real threats. With quality testing tools, testers can better detect what areas need to bolster their protections and what steps to take to improve security overall.

3. Test after each change
Under agile operations, it's expected and even encouraged that teams will make continuous innovations to a project to enhance functionality and provide a quality experience. However, each change made also introduces a certain amount of risk that it will open up a vulnerability. Teams must do extensive testing after each adjustment to not only ensure that the app still functions as expected but that security measures continue to cover everything. Ongoing code reviews will be critical to maintaining protection and confirming that features have been configured correctly.

"It's vital that you remember that your testing environment is different to the real world: even after all your testing, unexpected errors or vulnerabilities can crop up during deployment that you hadn't anticipated," Pearson wrote. "One of the biggest risks is misconfiguration during deployment. To protect against this, you should have a dedicated member of staff overseeing deployment who is responsible for checking for any configuration errors to mitigate the risk."

Security testing has always been a top priority for organizations when it comes to implementing technology and ensuring that they maintain compliance with industry regulations. By establishing a security expert on your team, simulating attacks and testing code after each code change, groups can maintain protection throughout the application lifecycle and effectively prevent a breach. Strategies will need to constantly evolve to address current threats and vulnerabilities that will emerge in the future.

About Sanjay Zalavadia
As the VP of Client Service for Zephyr, Sanjay Zalavadia brings over 15 years of leadership experience in IT and Technical Support Services. Throughout his career, Sanjay has successfully established and grown premier IT and Support Services teams across multiple geographies for both large and small companies.

Most recently, he was Associate Vice President at Patni Computers (NYSE: PTI) responsible for the Telecoms IT Managed Services Practice where he established IT Operations teams supporting Virgin Mobile, ESPN Mobile, Disney Mobile and Carphone Warehouse. Prior to this Sanjay was responsible for Global Technical Support at Bay Networks, a leading routing and switching vendor, which was acquired by Nortel. He has also held management positions in Support Service organizations at start-up Silicon Valley Networks, a vendor of Test Management software, and SynOptics.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions n...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructur...
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mis...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performa...
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE