With the “Digital Transformation” gaining influence in our lives and making software even more prevalent as the driver of change, you can’t help but think of the mobile platform as the key enabler. With this in mind, it’s critical to understand the infrastructure that supports your mobile app and the components that may be exposed to vulnerabilities. And with this understanding, identify potential threats and assess what the impact will be. This blog steps through some of the key points you need to consider when embarking on a mobile security testing effort.
The economy and software are now integrated so tightly that we can’t disconnect them. As software continues to grow in functionality and integration (e.g., televisions, computers, mobile apps), our lives will continue to morph as this software is also intertwined with related services. As Nassim Taleb put it, our lives are becoming more fragile due to all these dependencies as well. Could we survive without software? That's why you need to make sure...
Software Security Testing Services Software Security Testing is Important! There is a good chance that you are already personally on the receiving end of a breach - Equifax. Your SS #, home address, phone number, etc., are likely being funneled around the dark web to multiple bidders. This is real and software security testing really is important! Equifax is the latest high-visibility security failure example, with half the U.S. population affected. But that breach is hardly an isolated event. Yahoo, Verizon, Republican National Committee, and OneLogin (with compromised API keys) have all been victims. And this list goes on [...]
At the beginning of August, our CEO Philip Lew spoke at the Softec Asia 2017 conference in Kuala Lumpur, Malaysia. With the theme "Testing As A Service," speakers tackled the topic with knowledge in all aspects of improving software quality. Here is a visual look at what some of the speakers focused on in their presentations.
Without a vocal advocate — and managers willing to stand up in support of it — company culture won’t change, and users’ needs are going to go unmet. And if there’s no strong advocate for testing within the company, the results can be disastrous — and not just in the marketplace.
JMeter Performance Testing Performance testing is more important now than ever! Some studies have shown that users of mobile and/or web apps can detect differences in response times of 250 milliseconds or more, and that the “slower” the app, the less likely users are to keep using it. No one wants to put up with a slow-performing, unreliable site when purchasing, taking online tests, paying bills, or simply browsing for information. The internet puts real meaning to the old saying “easy come, easy go”. It is easier to lose users than gain them and performance [...]
We recently conducted our first annual software security survey and are tabulating the results. In the survey, we asked a broad range of questions, mostly targeted to see how seriously companies take software security threats by asking them what types of practices they have in place and how much time and effort they put into it. What we found was that 1/3 of the respondents either had no responsible person in their organization for software security or they didn't know if they did.
You might consider this phenomenon similar to Nassim Taleb's Black Swan probability applications to the financial markets and many other events in nature. Much of his work and fortune are based on the assessment of very low probability catastrophic events, like the great recession. Yes, he predicted the great recession and made a killing. How did he do that?
We tend to think of companies like Sony, Anthem, and Target as being secure – of course, until they get hacked. But we have to remember that even the most reputable organizations face Internet security threats, and regardless of how many times we check our doors, no one is safe. Whether to simply cause disruptions and mar the reputations of companies, or to cause real damage and steal personal information for malicious use, attackers will go the distance. Generally, development teams are aware of the possibility of risks, but are they actually prepared to turn away risks when they come knocking at the door? Or better yet, are they ready to handle full-fledged infiltration?
Smartphones have become part of our daily lives, but also more importantly, their storage capabilities and sensors have increased beyond our imagination. This could be due to the constant war between Apple and Android; but, when it comes down to it, Android has the largest OS market share despite Apple’s dominance in the smartphone market as a single software-hardware combination platform. This gets me thinking about Android application security testing, since any of the apps can potentially access whatever data is on the phone.
Whilst mobile and embedded software systems take over the world, the developers behind the applications and smartphones produced are more worried about functionality and sales figures than they are about the increasing risk to security. At an alarming rate, handheld devices are vulnerable to being hacked and exploited, and as sophisticated malware pops up on the scene, hackers are capable of instigating ever more complex attacks that put the common mobile device at risk. Our Mobile Security Testing infographic shows recent poll votes during our Mobile Security Webinar that dealt with these issues, offering solutions with Jon D. Hagar.
Fiddler is a Web Debugging Proxy tool which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic and can be used by developers to debug web programs. It can also help testers inspect and examine the traffic between the user side of a web application and the web server. I’ll just talk about the tool from a tester's perspective, and discuss some simple uses that we’ve run across.