I don't have a security specialist on staff. Does it make sense to rely on security testing from a software testing service like uTest? What should I look for in a security testing service or what are my alternatives?
It’s good to see that you’re thinking about security even though it’s not in your area of expertise. Some businesses that don’t have a security specialist on staff end up outsourcing the security function altogether with minimal internal oversight. That’s not a good approach.
Some businesses ... end up outsourcing the security function altogether. ... That’s not a good approach.
I don’t have any particular experience with outsourced software testing services such as uTest Inc. I’m sure uTest or one of its competitors could potentially help. The thing you have to be cognizant of is general software testing doesn’t equal security testing. Sure, security issues may be uncovered, but when comparing both types of testing, side by side, they’re often completely different types of tests performed by completely different people using completely different tools and techniques.
You need to look at the bigger picture and determine exactly what it is that you need to accomplish. Do you need basic QA testing? Perhaps vulnerability scans to satisfy a compliance or contractual checkbox? Neither are enough if you’re looking to uncover the security issues that really matter.
Security-specific testing services by companies such as Veracode and Checkmarx that look at your source code might be a good fit. In my experience, looking at the source code is only part of the equation.
There are also independent information security consultants (sometimes called pen testers) such as myself who focus their efforts, toolsets and mindsets on hacking Web applications and mobile apps as well as analyzing their source code using both automated tools and manual analysis. Ideally, you’ll want to look at the source code and the actual application in its final state using a malicious mindset to determine what security flaws exist and can be exploited in your unique environment.
Do you have questions about software testing services like uTest, or any other software testing topics? Let us know and we'll publish the answers here on SearchSoftwareQuality.com.
Dig deeper on Software Security Test Best Practices
Kevin Beaver asks:
Which software testing services have you worked with? What has your experience been?
0 ResponsesJoin the Discussion
Related Q&A from Kevin Beaver
Although there are many tools and best practices for password policies across remote offices, it's important to remember the basics for Windows ...continue reading
Denial-of-service attacks may be impossible to prevent, but that doesn't mean there aren't ways to protect Web applications from them.continue reading
How can we best prevent hacking and user account lock out in Web applications with forms-based authentication?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.