Q

How do software quality pros navigate cloud computing security issues?

Cloud computing security issues pop up when software QA pros play it fast and loose. Learn how to navigate threats and keep from getting burned.

Everyone says that the cloud is great for speed, but poor for security. How do software quality pros ensure that the applications they're testing are cloud-ready when it comes to security?

I've always been skeptical of the cloud. Maybe it's because of the nasty security flaws I often find in cloud-based applications. These very applications are often housed in data centers with "flawless" SSAE 16 audit reports. Don't let the salespeople know I told you this: the reality is that "secure hosting provider" doesn't automatically translate into secure applications.

What about mobile threats?

You may also want to bone up on OWASP's top ten list of security vulnerabilities for the mobile enterprise.

Recent news has shown us cloud providers have another security issue to deal with when it comes to the NSA getting their sneaky hands in the pie. Marketing and surveillance aside, software quality professionals need to continue (or start) down the path that's been shown to help shore up software security vulnerabilities.

It's finding that low-hanging fruit – the fundamental flaws that study after study shows are at the root of most of our application security problems. The Pareto principle applies nicely here: 20 percent of the vulnerabilities create 80 percent of the problems. That's where you need to focus.

The OWASP Top 10 2013 project is a great place to learn more. Once you fix the common application vulnerabilities and are prepared to answer cloud security-related questions, you'll be close to keeping up with the threats and a few steps ahead of the regulators and even your competition.

One thing you have to keep in mind is that some of these web-related security exploits require – or are at least facilitated by – vulnerable hosts accessing your applications (i.e., systems with Java, Adobe, and related browser-side exploits). As someone in charge of software quality and security, you cannot control that side of the equation, but you can at least do your part to ensure that your applications are reasonably secure and are not actually enabling the problem.

This was first published in September 2013
