Emerging Technologies and Challenges in Security Testing

Written by admin on Friday, 23 July 2010 at 6:15 am

In this new era where technologies converge with user experience, an unprecedented number of enterprises use and depend on a growing number of relatively new and emerging applications. While technology advancements focus on providing a rich user experience, they also pose a greater threat to enterprises because they present a greater attack surface.

Security remains an afterthought because developers are under pressure to pack features into applications in less than ideal time. While enterprises understand that the use and adoption of new technologies is inevitable if they are to enhance business opportunities, they also realize that improper design, implementation, and usage of new technologies will most likely lead to information security breaches and public relations debacles.

The advent of social networking sites, blogs, wikis, service-oriented architecture, SaaS, dynamic web content, virtualization, and mobile application stores has increased the complexity of the security landscape. Web applications are increasingly the preferred targets for cyber criminals, with XSS and SQLi being the top vectors. Malware distribution through malicious banner ads and attacks involving stored information are also on the rise. According to the Verizon Business Data Breach Report (April 2009), around 90% of websites are vulnerable to attack, while the Ponemon Institute's January 2010 report shows that the average total cost of a data breach per incident is $6.75m.

The requirement for security testing is gaining significance given the current breed of applications and the impact they can have on the business. Security testing, though not as mature as some other testing areas, has now become an integral part of enterprise testing strategy, not only because of awareness of the various ways an application can be compromised but also because of the inability of the latest technologies to dodge cyber criminals, as demonstrated by recent security incidents and breaches.

But security testing faces various challenges, such as a shortage of QA professionals with security testing expertise, the increased sophistication of hackers, growing dependency on new and unproven technologies, multiplexed connections from applications, compressed development lifecycles, and difficulty in effectively integrating security testing into enterprise testing. Enterprise application security testing is still hampered by factors such as ad-hoc testing, dependency on tools, inadequate skills, adoption of new technologies at a rapid pace, end-user-centric application designs, wide acceptance of internet-based applications, cyber warfare, and the lack of an overall security strategy.

However, a common framework that provides guidance on creating a repeatable and reproducible approach and methodology, a planning and execution strategy, a basis for calculating metrics, and a way of determining impact increases the effectiveness and efficiency of security testing. Such a security testing framework helps organizations execute security tests in a systematic way, apply a common approach to testing various emerging technologies, reduce security testing cycle time, produce consistent results in validating the security index of applications, minimize the cost of bug-finding, enhance customer confidence, and seamlessly integrate security testing with enterprise testing.

Category: Security Testing Services, Software Testing
