Enabling Security Testing: Need of the Hour
The internet is a network of networks that is available to everyone worldwide. In today's digital world, people use digital resources everywhere through easy and cheap internet access. As of 2018, there were an estimated 3.9 billion internet users worldwide, which accounts for more than half of the global population. Because resources available over the internet can be reached without physical access, there is a risk of valuable information being lost, stolen, changed or misused. Businesses and institutions have a growing need to secure their digital resources and information.
A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks on computers with Internet access: every 39 seconds on average, affecting one in three Americans every year.
Organizations and institutions need to comply with cyber security regulations, not only to win the confidence of customers but also to protect valuable resources from being misused.
Security testing is a process intended to reveal flaws in an information system.
Security Testing Requirements
- Confidentiality - protecting against the disclosure of information to parties other than the intended recipient.
- Integrity - protecting information from being modified by unauthorized parties.
- Authentication - confirming the identity of a person.
- Authorization - determining whether a requester is allowed to receive a service or perform an operation.
- Availability - keeping information available to authorized persons when they need it.
Security Testing Activities
- Discovery - Detects the versions of software / firmware in use and may highlight deprecated versions.
- Vulnerability Scan - Detects security issues by using automated tools to match conditions with known vulnerabilities.
- Vulnerability Assessment - Identifies security vulnerabilities and places the findings into the context of the environment under test.
- Security Assessment - Builds on Vulnerability Assessment by adding manual verification to confirm exposure.
- Penetration Test - Simulates an attack by a malicious party.
- Security Audit - Driven by an Audit / Risk function to look at a specific control or compliance issue.
- Security Review - Verification that industry or internal security standards have been applied to system components or product.
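An added example, not from the original article, showing how Discovery, Vulnerability Scan and Vulnerability Assessment differ in practice, with a gate function a CI/CD job could use as its exit code. All hosts, products, versions, advisory IDs, the support policy and the exposure weighting are constructed assumptions for illustration.

```python
import re

# Constructed sample data: service banners as a discovery step might collect them.
BANNERS = [
    {"host": "web01", "exposed": True,  "banner": "demo-httpd/2.4.1"},
    {"host": "db01",  "exposed": False, "banner": "demo-sql/5.5.9"},
    {"host": "app01", "exposed": False, "banner": "demo-httpd/2.6.0"},
    {"host": "fw01",  "exposed": True,  "banner": "edge-firmware/1.0.3"},
]
# Constructed advisory feed: versions below fixed_in are affected (placeholder IDs).
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "product": "demo-httpd", "fixed_in": "2.4.10", "severity": 7.5},
    {"id": "ADV-PLACEHOLDER-2", "product": "demo-sql", "fixed_in": "5.6.0", "severity": 9.0},
]
# Constructed support policy: oldest version still maintained per product.
MIN_SUPPORTED = {"demo-httpd": "2.4.0", "demo-sql": "5.6.0", "edge-firmware": "2.0.0"}

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))

def discover(banners):
    """Discovery: extract product and version, flag deprecated versions."""
    inventory = []
    for b in banners:
        m = re.fullmatch(r"([\w-]+)/(\d+(?:\.\d+)*)", b["banner"])
        if not m:
            continue  # unparseable banner: nothing to match against
        product, version = m.group(1), parse_version(m.group(2))
        deprecated = version < parse_version(MIN_SUPPORTED.get(product, "0"))
        inventory.append({**b, "product": product, "version": version, "deprecated": deprecated})
    return inventory

def scan(inventory):
    """Vulnerability scan: match discovered versions against known advisories."""
    return [{**item, "advisory": a["id"], "severity": a["severity"]}
            for item in inventory for a in ADVISORIES
            if item["product"] == a["product"] and item["version"] < parse_version(a["fixed_in"])]

def assess(findings):
    """Vulnerability assessment: rank findings in the context of the environment."""
    for f in findings:
        # Assumed weighting: internet-exposed hosts count 1.5x, capped at 10.
        f["priority"] = min(10.0, f["severity"] * (1.5 if f["exposed"] else 1.0))
    return sorted(findings, key=lambda f: f["priority"], reverse=True)

def ci_gate(findings, threshold=8.0):
    """Return a non-zero exit code for a CI/CD job when any priority meets the threshold."""
    return 1 if any(f["priority"] >= threshold for f in findings) else 0
```

With this sample data the scan alone ranks db01 highest by raw severity, while the assessment puts web01 first because it is internet-exposed; the ranked findings are what a Security Assessment would then verify manually.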
Security Testing Tools
- Arachni
- Grabber
- IronWASP
- Nogotofail
- SonarQube
- SQLMap
- W3af
- Wapiti
Conclusion
As digitized mid-sized businesses and large organizations are more susceptible to cyber threats, cyber security testing and compliance need to be enabled and practiced by present-day entities that interact with each other in the fast-paced digital world. Leveraging or developing automation tools, and using continuous integration / continuous deployment to aid security testing, is also the need of the hour.