Where will they hit you?
Infosecurity Magazine states nearly 70% of organizations allow the public to access their API.
Running QA tests on the newest version of a device doesn’t mean it will behave flawlessly after release: 90% of Android users are running outdated OS versions and 1 in 4 iOS users haven’t updated to iOS 11.
With the faster pace of development, 73% of organizations provide root access unnecessarily and don’t follow security best practices.
Blind integration of 3rd party components
Frameworks, libraries and cloud services are being integrated into larger solutions without proper security evaluations.
DevOps and IT teams are being pushed harder than ever and spending less time ensuring the security of their products.
Put your security knowledge to the test
Take the test to check your security awareness level:
Aftermath of a Hacking Storm
In the last 12 months, 44% of all organizations have suffered some sort of data breach. A recent survey revealed that an overwhelming majority of customers would stop doing business with an organization that allowed their data to be stolen. Failure to protect data has serious costs:
PageUp, a major HR agency in Australia, faces a significant loss of users as faith in the organization’s ability to hold onto sensitive information has dwindled after a significant data breach.
Greenwich University was fined nearly $160,000 for lax security after their data breach and French company Optical Center (a vision and hearing aid provider) was fined just under $300,000 after a recent data loss.
What can companies do to safeguard themselves?
| Steps | Benefits |
| --- | --- |
| Launch vulnerability program | Develop resistance to cross-site scripting, SQL injections and advanced cyber attacks. |
| Conduct penetration testing | Security holes can be patched once they are identified. |
| Organise QA Security training | Staff recognize security issues and manage them correctly. |
| Perform a Security Assessment | Be aware of blind spots that can then be ameliorated. |
| Engage a red-team | Get insights into vulnerabilities from the perspective of a hacker. |
| Consider a central device management system | Updates and security patches can be pushed to all devices on the network. |
| Evaluate API | Data is disclosed only as required. |
Small steps lead to big results
How Kantar Retail conducted a Security Audit
The Kantar Retail VR Product Team needed to implement SSDLC to improve product quality. They also needed to create internal security testing procedures and advance their QA expertise.
The Ciklum Security team analyzed the technologies used by Kantar Retail, reviewed their security reports and discussed plans for product development with the company's stakeholders.
The Kantar Retail QA team gained insight into the Secure SDLC implementation process, improved its expertise in discovering security issues in applications and received the full set of guidelines for different types of security.
with Andrii Shevchuk, Ciklum’s Head of QA security
Download “The Security Testing Guide”
- Trending Threats
- QA Security Use Cases
- Tips to Improve your Cybersecurity Strategy