How can online collaboration tools or social media be used by team members to ensure application security?
This is a creative question, and to start, I’ll discuss the benefit of working together in furthering application security. In software testing in general, testing works in two directions: first, it’s intended to guarantee adherence to specification. That’s the comparatively easy part. Second, testing probes the limits of the application in an effort to gauge robustness or reliability. That’s an open-ended and somewhat infinite process.
Security testing is very similar. Applications have a series of security features, and often a defined set of security requirements. But beyond that finite checklist, there are a myriad of ways software can be insecure. It is virtually impossible for one tester to find all of the security vulnerabilities in a given software application. Online collaboration can be a big boon to software security testing, in that it allows a group of people to work together, in varying degrees of organization, to come nearer to the goal of vulnerability-free software.
One social media tool with promise is Google Hangouts. This is a mix of IRC/group chat and video chat, all in one. This concept is great for group coordination and conversation. As remote teams (formal or informal) progress through the security testing process, they can ‘hang out’ together and discuss their findings. Testing is a truly heuristic process, especially security testing, and the various cultural and technology backgrounds found in a group can lead to new tests. The idea of 1+1=3 is definitely at play in groups.
Another way social media can help the application security testing community is the migration of BBS services into groups on Facebook and Google+. These groups aren’t necessarily real-time, but they offer an opportunity to bounce ideas off other group members and benefit from the ideas of a wide variety of backgrounds. For instance, in preparing for an upcoming article to be posted on searchsoftwarequality.com, I posted a question to the “Software Testing and Quality Assurance” group on Facebook and enjoyed the answers I received.
I think by far the best use of online collaboration tools is the “use that furthers the project.” In other words, any tool that helps the team improve security based on their team culture is a great tool. I’m a very visual person, so I love mind maps – and mind maps are a fantastic way to develop security test strategies. Group collaboration in building a mind map is a fast way to flesh out a comprehensive test strategy.
The key to getting the most out of online collaboration and social media is to experiment with it. Try it out with a small group and see what new and creative ways you can use it to further your security testing efforts.
For a comprehensive resource on social media, see Social media: A guide to enhancing ALM with collaborative tools.
This was first published in December 2011