Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How to best security test your applications: Collaboration and outsourcing

Security testing is an important factor in the application development process, and fortunately there are specialists who work to ensure that applications are as secure as possible. However, it can be difficult to know when it is necessary to outsource security testing and how much in-house collaboration is needed. In this response, Mike Jones offers expert advice on these aspects of security testing.

Is collaboration needed for security test or can that be outsourced?

For most organizations, security testing is handled by specialists and limited to functions like vulnerability scanning, patching desktops and looking at network weaknesses. If you follow industry news, you might make the assumption that the black hats are the only people out there actually doing security testing, as they seem to find and exploit errors on a regular basis -- I guess you could call this “outsourcing.”

In reality, no matter how good your security testing tools might be, you will need experts to help assess your applications. A big risk is complacency; even if you have done some basic scanning and testing, you s till need a specialized security expert roll up their sleeves and really run your software through the vulnerability wringer. Thus, I think some form of collaboration in security testing is always needed to do a thorough job.

In response to the original question, yes, collaboration is almost always needed. As for outsourcing, my advice is to keep it in-house, even if you have to hire an expert to assist occasionally, as it is your reputation on the line and not necessarily the outsourcing firm’s.  

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.