Where will they hit you?

Open APIs

Infosecurity Magazine states nearly 70% of organizations allow the public to access their API.

Outdated Patches

Running QA tests on the newest version of a device doesn’t mean it will behave flawlessly after release: 90% of Android users are running outdated OS versions and 1 in 4 iOS users haven’t updated to iOS 11.

Administrative Errors

With faster paces of development, 73% of organizations provide root access unnecessarily and don’t follow security best practices.

Blind integration of 3rd party components

Frameworks, libraries and cloud services are being integrated into larger solutions without proper security evaluations.

System Vulnerabilities

DevOps and IT teams are being pushed harder than ever and spending less time ensuring the security of their products.


Aftermath of a Hacking Storm

In the last 12 months, 44% of all organizations have suffered some sort of data breach. A recent survey revealed that an overwhelming majority of customers would stop doing business with an organization that allowed their data to be stolen. Failure to protect data has serious costs:

REPUTATIONAL

PageUp, a major HR agency in Australia, faced a significant loss of users as faith in the organization’s ability to hold onto sensitive information dwindled after a significant data breach.

FINANCIAL

Greenwich University was fined nearly $160,000 for lax security after its data breach, and the French company Optical Center (a vision and hearing aid provider) was fined just under $300,000 after a recent data loss.

What can companies do to safeguard themselves?

Steps and their benefits:

• Launch a vulnerability program: develop resistance to cross-site scripting, SQL injection and advanced cyber attacks.
• Conduct penetration testing: security holes can be patched once they are identified.
• Organise QA security training: staff recognize security issues and manage them correctly.
• Perform a security assessment: be aware of blind spots that can then be ameliorated.
• Engage a red team: get insights into vulnerabilities from the perspective of a hacker.
• Consider a central device management system: updates and security patches can be pushed to all devices on the network.
• Evaluate APIs: data is disclosed only as required.

Here’s what Ciklum QA Security Services can do for you:

• Penetration testing
• Vulnerability assessment
• Dev/QA security training

Case Story

Small steps lead to big results

How Kantar Retail conducted a Security Audit

The Kantar Retail VR Product Team needed to implement a Secure SDLC (SSDLC) to improve product quality. They also needed to create internal security testing procedures and advance their QA expertise.

The Ciklum Security team analyzed the technologies used by Kantar Retail, reviewed their security reports and discussed plans for product development with the company stakeholders.

The Kantar Retail QA team gained insight into the Secure SDLC implementation process, improved its expertise in discovering security issues in applications and received a full set of guidelines for different types of security.

Security FAQ

with Andrii Shevchuk, Ciklum’s Head of QA Security

1. What is penetration testing?

Car companies use crash tests to test the safety of the vehicles they produce. A penetration test is a crash test for your software or infrastructure: a sanctioned attempt to hack into a system to discover vulnerabilities.

When our team ran a security testing project for a leading e-commerce company in Denmark, we conducted a penetration test on the company’s live payment system environment. The client didn’t expect 23 security issues to be identified and resolved. How did we do it? We mixed black, grey and white box approaches and attacked with the same goals as a malicious hacker. After the penetration testing phase was over, we developed a programme and presented all the issues during a security training session.

A penetration test has an objective and certain limitations or special conditions, e.g. two days, attempts only during working hours, with the goal of obtaining the CEO’s user ID and password. A vulnerability assessment is designed to attack on all fronts, utilize every possible attack vector, find as many vulnerabilities as possible and report potential exposures.

If you spend more on coffee than on IT security, you will be hacked. What’s more, according to Richard Clarke, you deserve to be hacked, and it’s hard not to agree. Top companies like Google, Microsoft and Lufthansa reward hackers with up to $900,000 a year in bounties. If you’re using QA security services from a third party, the cost depends on the scope and scenario. Securing an infrastructure or product generally takes around 30-40% of its development costs, but each situation is unique.

To protect your organisation from hackers, you need to think like a hacker. An in-house security team can have a limited perspective, as they only focus on that company’s infrastructure, product and process issues. Complacency can also be a problem. Engaging a third party to test your defenses will help you prevent actual attacks from vectors that might not even have been considered before.

A good security testing team has plenty of resources and the sharpest professionals. Pay attention to their certifications: OSCE, OSCP, eWPTX, eMAPT and ISACA CISA. The more certified they are, the more methodologies are in their armoury. Look for the OWASP, OSSTMM, PTES and NIST SP 800-115 methodologies in the vendor’s portfolio.
