I don't have a security specialist on staff. Does it make sense to rely on security testing from a software testing...
service like uTest? What should I look for in a security testing service or what are my alternatives?
It’s good to see that you’re thinking about security even though it’s not in your area of expertise. Some businesses that don’t have a security specialist on staff end up outsourcing the security function altogether with minimal internal oversight. That’s not a good approach.
Some businesses ... end up outsourcing the security function altogether. ... That’s not a good approach.
I don’t have any particular experience with outsourced software testing services such as uTest Inc. I’m sure uTest or one of its competitors could potentially help. The thing you have to be cognizant of is general software testing doesn’t equal security testing. Sure, security issues may be uncovered, but when comparing both types of testing, side by side, they’re often completely different types of tests performed by completely different people using completely different tools and techniques.
You need to look at the bigger picture and determine exactly what it is that you need to accomplish. Do you need basic QA testing? Perhaps vulnerability scans to satisfy a compliance or contractual checkbox? Neither are enough if you’re looking to uncover the security issues that really matter.
Security-specific testing services by companies such as Veracode and Checkmarx that look at your source code might be a good fit. In my experience, looking at the source code is only part of the equation.
There are also independent information security consultants (sometimes called pen testers) such as myself who focus their efforts, toolsets and mindsets on hacking Web applications and mobile apps as well as analyzing their source code using both automated tools and manual analysis. Ideally, you’ll want to look at the source code and the actual application in its final state using a malicious mindset to determine what security flaws exist and can be exploited in your unique environment.
Do you have questions about software testing services like uTest, or any other software testing topics? Let us know and we'll publish the answers here on SearchSoftwareQuality.com.
Dig Deeper on Software Security Test Best Practices
Related Q&A from Kevin Beaver
Knowing how to test for security flaws is vital, but it's a complicated and changing field. Expert Kevin Beaver offers security testing basics.continue reading
How do self-healing networks function? Expert Kevin Beaver looks at the benefits such a network has to offer, as well as the key concepts ...continue reading
While there are numerous security benefits to a DNSSEC implementation, there are drawbacks as well. Expert Kevin Beaver explains.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.