Over the holiday, I took the time to read this book about state-sponsored attacks. It is quite interesting if you want to model potential attacks on your company or organization. My summary, in three parts, distils what I learned from reading the book.
Comparing TLS and OAuth 2.0 sounds like comparing apples and pears to seasoned security experts. Still, it is a good way to illustrate the various facets of authentication in complex, open, and interconnected IT landscapes.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Smooth business processes need a stable IT landscape. Thus, IT departments spend time and money on testing their business applications. But why is there a tension between efficient testing and compliance needs? Sensitive data is the reason. Testing business applications requires adequate data in the databases of test systems. …
Image courtesy of renjith krishnan at FreeDigitalPhotos.net
Late in 2013, the International Organization for Standardization released a new version of its ISO 27001 information security standard. The standard covers requirements that apply to all organizations, as well as requirements relevant only to organizations with in-house software development and integration projects. These affect testers, developers, and release managers. This article summarizes the relevant facts and points out the topics that testing and development teams have to work on.
Click here to read the article, which I published in Testing Experience magazine…
Image courtesy of winnond at FreeDigitalPhotos.net
Snowden, CDs from Swiss banks, or the almost forgotten bonus-miles affair: some employees ignore the norms of their employment contracts and of criminal law. Possible motives are frustration, a craving for recognition, or the lure of quick money. Sometimes it is "only" a mistake. An employee loses a USB stick with research results, or an employee sends a customer list to the wrong e-mail address. Such a data leak is especially critical in highly competitive, knowledge-intensive sectors such as the pharmaceutical or automotive industries. The same applies to industries with sensitive customer data, for example health care, banks, and insurers. The security sector is at risk as well. So how do companies protect themselves against data leakage?
Image courtesy of renjith krishnan / FreeDigitalPhotos.net
Snowden is a turning point for IT security and risk. Before him, many saw IT security as the equivalent of a medieval town wall: keeping outside hackers and malicious code away from the company. Firewalls, virus scanners, and application security testing (e.g., to find SQL injections) fit the town wall approach. But Snowden was different. He came from inside the organization. He collected large amounts of sensitive data. Then he got the data out of a highly secured IT organization, which had to learn about the case from the press. In this article, I explain such data-related risks in IT departments and how data loss prevention (DLP) tools help to manage them.
Mobile apps are everywhere. Some apps entertain, others enable business transactions. Apps increasingly interact with complex IT landscapes. For example, a banking app on a mobile device acts as a front end that invokes services on a back-end server of the bank, which in turn might contact even more servers. Mobile testing is therefore becoming both crucial and challenging. This paper follows a user-centric testing approach. The app's architecture matters for testing, as do its user base and usage context. Addressing these factors ensures that test cases cover all relevant areas. Most apps need test automation for two reasons: agility and compatibility. To the complete article about testing mobile apps …