Tuesday, 22 March 2011

Tuesday Top Tip - Penetration Testing

Most companies use application penetration testing towards the end of the development life cycle in order to identify security vulnerabilities. This can be a problem - especially if you had not thought about security earlier in the development process.

What do you do if the pen test throws up major security issues?

If it's late in the development cycle, then these issues will be expensive to address. So you are more inclined to ignore them. That could leave you vulnerable.

Have you been in a position where a serious SQL injection vulnerability has been discovered two days before product launch? What to do? You know it would have been fairly simple to address if it had been discovered a lot earlier - but now it's not so simple.

So here are some Tuesday Top Tips:
  1. You should think of application pen testing as a way to confirm that all your planned security measures have been implemented properly during the earlier development phases.
  2. Try to do some pen testing as early as possible in the development. If you discover issues, they should be less expensive to address - and you can integrate the lessons learned into the rest of the development.

All this assumes that you have integrated security into the development lifecycle.

Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot

2 comments:

  1. Multichannel access through multiple devices that include web browsers, rich clients, portals, mobile gadgets, sensors and other pervasive devices, as well as programmatic, service-oriented and event-driven interfaces open up multitude of wicket gates for penetration. Having penetration testing (or for that matter testing) done at the fag-end of development is like papering on the gaps. Enterprises that don’t incorporate testing as a part of SDLC are the ones that don’t take security aspects seriously, needless to mention they risk performance limitations, security failures, overspending and above all, run the risk of becoming headlines in leading newspapers for the wrong reasons!

    ReplyDelete
  2. The casinos use the newest security protocols to forestall any third-party breaches of their websites. Note that an offshore distant gambling license won’t do for American on-line casinos, even whether it is issued by famend authorities such as MGA, AGCC, or UKGC. Every state has a special gambling regulation and an impartial licensing physique. The best roulette websites on-line are licensed to function by native US state regulators. It has been getting more and more in style in the last few|the previous few|the previous couple of} years in part because of the pandemic, which shut down a lot of the land-based casinos for lengthy durations. And it’s just a great combination of the 먹튀사이트 먹튀프렌즈 comfort of on-line gambling and the authentic really feel of a physical casino with real dealers.

    ReplyDelete