Answer

Can software quality pros shore up network security threats?

How do network attacks impact the security of enterprise Web applications? How can software quality pros do our part to defend against network security threats?

Like a house with a poorly constructed foundation, a Web application that's running in an environment with vulnerable operating systems, databases, and network infrastructure devices is merely there to widen the attack surface and facilitate problems. Unmanaged network security threats make application security practically an illusion.

Although I find fewer vulnerabilities below layer 7, they still exist and are often there waiting to be exploited. I'm referring to things like:

  • Databases and other services exposed to the Internet
  • Weak, blank, or default passwords on firewalls, operating systems, and databases
  • Missing patches and poor malware protection on servers and workstations that access your applications
  • Improperly configured firewall rulebases, often containing stale rules that permit overreach and unauthorized access
  • Lack of denial-of-service protection, which can hamper even the most resilient of hosting providers
  • Minimal audit logging and no security event oversight or correlation

As a software quality professional, you're about as disconnected from network security as network security professionals are from development and QA. You can't force people's networks to be secure, but you can still help make a difference. Work with your team to document a set of recommendations for securely deploying your applications. List out the common flaws and then list out the solutions.
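One way to turn three of the flaws listed above (exposed databases, stale firewall rules, missing audit logging) into a repeatable deployment check, as an added example that is not part of the original answer. It assumes a hypothetical CSV export of a firewall rulebase; the column names, the sample rows, the 90-day staleness threshold and the function names are all constructed for illustration.

```python
import csv
import io
from datetime import date
from ipaddress import ip_network

# Constructed sample rulebase export; the column layout is an assumption.
SAMPLE_RULES = """\
id,action,source,dest_port,last_hit,logging
1,allow,0.0.0.0/0,443,2013-09-01,yes
2,allow,0.0.0.0/0,3306,2013-08-30,yes
3,allow,10.1.0.0/16,1433,2013-08-29,no
4,allow,203.0.113.0/24,22,2012-11-02,yes
5,deny,0.0.0.0/0,23,,yes
6,allow,192.168.5.0/24,8080,,yes
"""

# Default listener ports of common database servers.
DB_PORTS = {1433, 1521, 3306, 5432, 27017}
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(cidr):
    """True only if the whole source range sits inside private address space."""
    net = ip_network(cidr)
    return any(net.subnet_of(private) for private in RFC1918)

def audit_rules(csv_text, today, stale_days=90):
    """Return (rule_id, issue) pairs for every allow rule that needs review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"] != "allow":
            continue  # deny rules do not widen the attack surface
        rule_id, port = int(row["id"]), int(row["dest_port"])
        # Flaw: database service reachable from non-private sources.
        if port in DB_PORTS and not is_internal(row["source"]):
            findings.append((rule_id, "db-exposed"))
        # Flaw: stale rule (never matched, or no match within stale_days).
        last_hit = row["last_hit"]
        if not last_hit or (today - date.fromisoformat(last_hit)).days > stale_days:
            findings.append((rule_id, "stale"))
        # Flaw: traffic permitted without audit logging.
        if row["logging"] != "yes":
            findings.append((rule_id, "no-logging"))
    return findings

if __name__ == "__main__":
    for rule_id, issue in audit_rules(SAMPLE_RULES, date(2013, 9, 15)):
        print(f"rule {rule_id}: {issue}")
```

Each finding maps back to one bullet in the list, so the output can sit next to the written deployment recommendations as the "flaw" column, with the fix recorded beside it.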

I've found that people simply not thinking about security problems (because they're too busy doing their own jobs) is a major contributor to the information risks we face. Getting network security threats on their radar is half the battle. Beyond that, producing a secure Web presence – at layer 7 – is all you can do.

This was first published in September 2013
