security

Articles

Integrating Security and Testing Practices

QA and information security use different methods to approach the same goals. When both groups work together, they can make a greater impact on the security of our products. Here's how the QA team can collaborate with infosec to implement strong security standards, prioritize what to test, and obtain quicker feedback on processes, ultimately seeing fewer production incidents related to security.

Sylvia Killinen
DevSecOps: Incorporate Security into DevOps to Reduce Software Risk

DevSecOps is a growing movement to incorporate security into DevOps practices so that flaws and weaknesses are exposed early through monitoring, assessment, and analysis, and remediation can be implemented far earlier than with traditional efforts. By failing fast with security testing, organizations reduce the risk of a security incident and decrease the cost of rework.

Alan Crouch
Conducting Security Testing for Web Applications

As cyber attacks continue to create panic, the threat to our applications and data in the digital sphere grows stronger. Enterprises in the connected world need to realize that security testing is essential for their web applications. They need modern, all-inclusive security testing plans from the inception of their projects to ensure a secure user experience. Here's how to get started.

Ketan Sirigiri
IoT Security Should Start with the UI Setup

IoT security is a large and changing topic, but there is one basic starting point where device security can be improved during development and testing: the user interface. The UI should be the first line of defense, but it’s currently weak in most IoT devices. Implementing better practices during the initial UI setup will go a long way toward improving security.

Jon Hagar
What IoT and Embedded Device Testers Can Learn from the Volkswagen Emissions Scandal

In 2015, it was discovered that Volkswagen had equipped millions of its cars with software to cheat on diesel emissions tests. It was a team of independent testers that uncovered the fraud. Jon Hagar tells testers what they can take away from the scandal and gives some recommendations to consider in order to improve the test industry for IoT and embedded systems.

Jon Hagar
Test Data Privacy: Start Now to Comply with New Regulations

The key for test data privacy is fulfilling testers’ needs for efficiency, speed, and the most accurate representations of data and application behavior in the production environment, while ensuring privacy and protecting testers from unintentional hazards. Here are some tips for getting started on a test data privacy project to comply with the EU’s coming General Data Protection Regulation.

Marcin Grabinski
Using the Principles of the CIA Triad to Implement Software Security

If you're starting or improving a security program for your software, you probably have questions about the requirements that define security. Data need to be complete and trustworthy, and also accessible on demand, but only to the right people. The CIA triad defines three principles—confidentiality, integrity, and availability—that help you focus on the right security priorities.

Sylvia Killinen
How to Talk about Security Testing without Scaring People

When it came to security testing, Sylvia Killinen noted that her company's most frequent difficulty wasn't the testing itself. Instead, it was the communication that caused problems, in part because of the words used to explain what would be performed. If you take care with how you describe your process, you may get more support while executing tests and repairing systems.

Sylvia Killinen
The Star Wars Death Star—from a Tester’s Perspective

In the movie Star Wars: Episode IV—A New Hope, the Death Star was designed to be the perfect weapon, with enough firepower to destroy a thousand star systems. Yet a small, ragtag group was able to blow it up. If only Emperor Palpatine had consulted with testers, all of the Death Star’s vulnerabilities could have been found and addressed!

Michael Mak
Book Review: Software Test Attacks to Break Mobile and Embedded Devices

Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of "smart" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams.

Michael Sowers

StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.