How to best security test your applications: Collaboration and outsourcing

Is collaboration needed for security test or can that be outsourced?

    Requires Free Membership to View

For most organizations, security testing is handled by specialists and limited to functions like vulnerability scanning, patching desktops and looking at network weaknesses. If you follow industry news, you might make the assumption that the black hats are the only people out there actually doing security testing, as they seem to find and exploit errors on a regular basis -- I guess you could call this “outsourcing.”

In reality, no matter how good your security testing tools might be, you will need experts to help assess your applications. A big risk is complacency; even if you have done some basic scanning and testing, you s till need a specialized security expert roll up their sleeves and really run your software through the vulnerability wringer. Thus, I think some form of collaboration in security testing is always needed to do a thorough job.

In response to the original question, yes, collaboration is almost always needed. As for outsourcing, my advice is to keep it in-house, even if you have to hire an expert to assist occasionally, as it is your reputation on the line and not necessarily the outsourcing firm’s.  

This was first published in April 2011

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: