Blog

Security testing – choose what you really need. Part I

First of all I want to say that if you ever faced the issues of security testing, but really know few about it in practice, this article is what you need to read. If you are a security tester, well, you can use the article for explanation purposes.
5 August 2014
Cybersecurity testing
The article by a1qa
a1qa

First of all I want to say that if you ever faced the issues of security testing, but really know few about it in practice, this article is what you need to read. If you are a security tester, well, you can use the article for explanation purposes.

So, when security testing is necessary? There are LOTS of reasons, the listed below are basic ones.

Security testing is necessary when:

  • There is a corporate network or web application that wasn`t ever check for security issues or it was REALLY long time ago;
  • The system was successfully attacked or there was a try;
  • New functionality was implemented in a functioning product;
  • Layout of corporate network was heavily changed;
  • The application was migrated from test environment into manufacturing environment;
  • Company follows domain standards (PCI DSS, HIPAA).

In fact, there is a very simple way to define whether you need security testing or not. If you have “something” and this “something” processes important data and can be accessed via the internet – you NEED security testing. What is important data? Everything that is valuable: user personal data, payment cards information, company`s bills, invoices and so on. Even if your application doesn`t store or process important information, do not underestimate possible reputation damage. I think you agree that if someone hacks your website and changes your logo to the competitor`s one, it does you no good.

So, when you finally agree that performing security is a good decision, move to the next step: type of security testing. When you already have security check requirements defined by an outer analyst, it would be much easier to decide. Still, what to do when you literally have nothing?

Option #1: You can approach to a software testing company saying “I have a website/network and want to check its security”, BUT it takes testing specialists several days to define the need and takes you additional costs.

Option #2 (the right one): work out your security testing needs. For that very purpose consider these criteria:

  • Define you testing goals
  • Collect system data to provide analysts with necessary information
  • System entry point (relevant only for testing local networks)

There are two types of security testing: Penetration testing and Vulnerability Assessment.

The goal of penetration testing is enter a web-application internal infrastructure, cease control over the internal servers or access the important information. Doing this testing specialists feign actions of real hackers. The defects detected in the testing process and testing methodology isn`t the main thing here. What is important here is whether the system in its current state is accessible for hackers or not. Testers are to prove that.

Penetration testing takes less time than Vulnerability Assessment and evaluates the efficiency of your security measures.

If you want to know whether it is possible to hack your system, penetration testing is your option.

Next time we`ll go through Vulnerability Assessment and its differences from Penetration testing.

More Posts

6-march-2023-1
21 March 2023,
by a1qa
4 min read
The ultimate QA guide for smoothly migrating to Web 3.0
Find out how businesses can seamlessly migrate to Web 3.0 by relying on quality assurance.
Cybersecurity testing
General
Performance testing
Usability testing
27 February 2023,
by a1qa
5 min read
Reaching HIPAA compliance for eHealth solutions through QA
We reveal HIPAA’s data safety benchmarks and shed light on how software testing may help in its conformity.
Cybersecurity testing
Software lifecycle QA
Mobile app testing
15 February 2023,
by a1qa
4 min read
Mobile app testing guide: win the race with five-star software
Which aspects of mobile apps to test first to produce a really high-quality product? Find the answer to this and other questions related to mobile app testing in the article.
Cybersecurity testing
Functional testing
Mobile app testing
Performance testing
Test automation
Usability testing
qa-trends-in-telecom
30 September 2022,
by a1qa
5 min read
4 telecom trends for 2023 and how to painlessly implement them with QA
It’s time to explore the telecom trends for the upcoming year. Let’s look at them together and also see the value that QA brings for their smooth deployment.
Cybersecurity testing
Migration testing
QA trends
Quality assurance
Test automation
black-friday
29 July 2022,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
30 June 2022,
by a1qa
4 min read
App software testing for telecom: What are the common issues telco providers face?
Facing problems with the quality of your telecom software products? Read more in the article and find out the ways to address them.
Cybersecurity testing
Performance testing
Test automation
20 June 2022,
by Alina Karachun
5 min read
Top-quality IoT solutions: 3 problems and ways to solve them
What quality aspects of IoT solutions are predominant to care about and why? Find the answers in the article.
Cybersecurity testing
IoT testing
Performance testing
19 April 2022,
by a1qa
5 min read
What prevents companies from boosting eCommerce customer experience: 4 common mistakes
Dreaming of a flawless online shopping journey for your users? Explore 4 widespread situations that hamper achieving this goal.
Cybersecurity testing
Performance testing
Test automation
Usability testing
Clutch awards
23 March 2022,
by a1qa
2 min read
a1qa recognized for cybersecurity expertise by Clutch!
The global online review platform Clutch added a1qa to the Top 15 Penetration Testing Companies for 2022.
Cybersecurity testing

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.