Q

How to best security test your applications: Collaboration and outsourcing

Security testing is an important factor in the application development process, and fortunately there are specialists who work to ensure that applications are as secure as possible. However, it can be difficult to know when it is necessary to outsource security testing and how much in-house collaboration is needed. In this response, Mike Jones offers expert advice on these aspects of security testing.

Is collaboration needed for security test or can that be outsourced?

For most organizations, security testing is handled by specialists and limited to functions like vulnerability scanning, patching desktops and looking at network weaknesses. If you follow industry news, you might make the assumption that the black hats are the only people out there actually doing security testing, as they seem to find and exploit errors on a regular basis -- I guess you could call this “outsourcing.”

In reality, no matter how good your security testing tools might be, you will need experts to help assess your applications. A big risk is complacency; even if you have done some basic scanning and testing, you s till need a specialized security expert roll up their sleeves and really run your software through the vulnerability wringer. Thus, I think some form of collaboration in security testing is always needed to do a thorough job.

In response to the original question, yes, collaboration is almost always needed. As for outsourcing, my advice is to keep it in-house, even if you have to hire an expert to assist occasionally, as it is your reputation on the line and not necessarily the outsourcing firm’s.  

This was first published in April 2011

Dig deeper on Software Security Test Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close