Friday, March 17, 2006

Software Testing as part of a solution

Security testing of internet solutions provides two fundamental services:
  • It allows cost-effective selection of security controls at all stages of the project cycle, allowing proper integration of security measures (procedural and technical) into the final solution.
  • Management are given firm evidence of the level of security provided, showing that, in the event of a security breach, "due diligence" was exercised, which may limit damages claims or criminal liability.
Testing a system will involve a number of separate checks:
  • All software involved should be examined for known security flaws.
  • The infrastructure should be designed and built to allow secure operation.
  • Site functionality should be examined to ensure that access to sensitive information and administrative functions is protected appropriately. This applies to operating system and server level functions, as well as application level.
  • Only services necessary for the business process should be running on web-facing servers (the more distinct systems there are, the greater the likelihood of a serious flaw).
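The last check above can be made repeatable rather than a one-off inspection. The following is an added example (not code from the original post) that reads `ss -lntp` style output and reports every listening service that is not in the allowlist for the business process; the sample output and the allowlist are constructed for illustration.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `ss -lntp` output from a web-facing host (not real data).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*          users:(("mysqld",pid=990,fd=21))
LISTEN  0       128     0.0.0.0:21          0.0.0.0:*          users:(("vsftpd",pid=1450,fd=3))
"""

# Hypothetical allowlist for this business process: port -> expected process names.
# Only the services the solution actually needs belong here.
ALLOWLIST: Dict[int, Set[str]] = {
    22: {"sshd"},     # administrative access
    443: {"nginx"},   # the public web front end
}

LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")
PROC_RE = re.compile(r'\("([^"]+)"')

def parse_listeners(ss_output: str) -> List[Tuple[str, int, str]]:
    """Return (local_address, port, process_name) for each LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(line)
        proc = match.group(1) if match else "unknown"
        listeners.append((addr, int(port), proc))
    return listeners

def audit_listeners(ss_output: str, allowlist: Dict[int, Set[str]]) -> List[str]:
    """Report listeners that are not part of the approved business process.
    Loopback-only sockets are still reported (marked local-only) because they
    add attack surface once anyone has a foothold on the host."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        scope = "local-only" if addr.startswith(LOOPBACK_PREFIXES) else "network-exposed"
        if port not in allowlist:
            findings.append(f"port {port} ({proc}, {scope}): not in allowlist")
        elif proc not in allowlist[port]:
            findings.append(f"port {port} ({proc}, {scope}): unexpected process, expected {sorted(allowlist[port])}")
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS_OUTPUT, ALLOWLIST):
        print(finding)
```

Run against the real host by feeding it the output of `ss -lntp`; every finding is either a service to remove or a documented addition to the allowlist.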


