
Can software testing services like uTest handle security?

Companies without security expertise in-house may consider outsourcing security testing. Security expert Kevin Beaver suggests this is the wrong path.

I don't have a security specialist on staff. Does it make sense to rely on security testing from a software testing service like uTest? What should I look for in a security testing service or what are my alternatives?

It’s good to see that you’re thinking about security even though it’s not in your area of expertise. Some businesses that don’t have a security specialist on staff end up outsourcing the security function altogether with minimal internal oversight. That’s not a good approach.


I don’t have any particular experience with outsourced software testing services such as uTest Inc. I’m sure uTest or one of its competitors could potentially help. The thing you have to be cognizant of is that general software testing doesn’t equal security testing. Sure, security issues may be uncovered, but when comparing both types of testing, side by side, they’re often completely different types of tests performed by completely different people using completely different tools and techniques.

You need to look at the bigger picture and determine exactly what it is that you need to accomplish. Do you need basic QA testing? Perhaps vulnerability scans to satisfy a compliance or contractual checkbox? Neither is enough if you’re looking to uncover the security issues that really matter.

Security-specific testing services by companies such as Veracode and Checkmarx that look at your source code might be a good fit. In my experience, looking at the source code is only part of the equation.

There are also independent information security consultants (sometimes called pen testers) such as myself who focus their efforts, toolsets and mindsets on hacking Web applications and mobile apps as well as analyzing their source code using both automated tools and manual analysis. Ideally, you’ll want to look at the source code and the actual application in its final state using a malicious mindset to determine what security flaws exist and can be exploited in your unique environment.

Do you have questions about software testing services like uTest, or any other software testing topics? Let us know and we'll publish the answers here on SearchSoftwareQuality.com.

This was first published in June 2014
