Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can software testing services like uTest handle security?

Companies without security expertise in-house may consider outsourcing security testing. Security expert Kevin Beaver suggests this is the wrong path.

I don't have a security specialist on staff. Does it make sense to rely on security testing from a software testing service like uTest? What should I look for in a security testing service or what are my alternatives?

It’s good to see that you’re thinking about security even though it’s not in your area of expertise. Some businesses that don’t have a security specialist on staff end up outsourcing the security function altogether with minimal internal oversight. That’s not a good approach.

Some businesses ... end up outsourcing the security function altogether. ... That’s not a good approach.

I don’t have any particular experience with outsourced software testing services such as uTest Inc. I’m sure uTest or one of its competitors could potentially help. The thing you have to be cognizant of is general software testing doesn’t equal security testing. Sure, security issues may be uncovered, but when comparing both types of testing, side by side, they’re often completely different types of tests performed by completely different people using completely different tools and techniques.

You need to look at the bigger picture and determine exactly what it is that you need to accomplish. Do you need basic QA testing? Perhaps vulnerability scans to satisfy a compliance or contractual checkbox? Neither are enough if you’re looking to uncover the security issues that really matter.

Security-specific testing services by companies such as Veracode and Checkmarx that look at your source code might be a good fit. In my experience, looking at the source code is only part of the equation.

There are also independent information security consultants (sometimes called pen testers) such as myself who focus their efforts, toolsets and mindsets on hacking Web applications and mobile apps as well as analyzing their source code using both automated tools and manual analysis. Ideally, you’ll want to look at the source code and the actual application in its final state using a malicious mindset to determine what security flaws exist and can be exploited in your unique environment.

Do you have questions about software testing services like uTest, or any other software testing topics? Let us know and we'll publish the answers here on SearchSoftwareQuality.com.

Dig Deeper on Topics Archive

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Have you worked with any of these software testing services? What has your experience been?