Saturday 1 November 2014

Security testing – Hacking ethically!!

According to multiple projection reports, cyber security is going to be one of the fastest growing sectors globally in the next 3 to 5 years. In the Indian context, a recent article in a leading Indian financial newspaper mentioned a need for 500,000 cyber security professionals in India, compared to the few hundred available currently. The recent attack on the Adobe network (http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html) is one of many examples of the security threats the cyber world is witnessing. Security attacks can have a huge impact on businesses and other organizations: exposure of confidential and sensitive data, financial loss, halted operations, regulatory non-compliance and so on.
Then what kind of role does a tester have to play in this situation? Security testing is the answer.
Functional security is addressed during functional testing of the software by validating its authentication and authorization features, for example by checking role-based access permissions. But security is far more than this.
Specialized security testing, also called ‘Vulnerability assessment and penetration testing’ (VSPT), focuses on identifying any flaws or gaps that affect the confidentiality and integrity of the application's data and services. The objective is to ensure that the software is secure against known vulnerabilities.
OWASP (Open Web Application Security Project, https://www.owasp.org) periodically produces an awareness document listing the top 10 most critical web application security risks or vulnerabilities. The current report (2013) shows Injection, Broken authentication and session management, and Cross-site scripting as the top 3 security risks. A security tester needs thorough knowledge of these vulnerabilities and of the methods used to exploit them. Security testing is done using hundreds of open source and commercial tools such as Nessus, Paros, WebScarab, HP WebInspect and IBM AppScan, which scan applications, servers and networks for vulnerabilities and create attacks to exploit them.
For a security tester, it is extremely important to have knowledge of vulnerabilities and command of most of these tools, in addition to thorough knowledge of web architecture and data exchange protocols.
This is also termed ethical hacking, as the testers simulate hackers' behaviour but with the good intention of assessing security risks, which can in turn be fixed by the developer community. EC-Council's (https://www.eccouncil.org) CEH (Certified Ethical Hacker) and LPT (Licensed Penetration Tester) are some of the key certifications that can be enablers for a security tester.

For more details visit SEED Infotech Wagholi Pune Blog at : http://seedinfotechpune.blogspot.in/
