Sunday, July 29, 2007

The importance of penetration testing

Interesting article on penetration testing at Server Watch. Okay, so it's got a sensational headline, but it is a good article raising the importance of pen testing.

Forget "Thursday is the new Friday" and "brown is the new black." When it comes to servers, the really important message is this: "Penetration testing is the new vulnerability scanning."

Joe Pescatore, a security analyst at Gartner, explained. "Previously, companies needed to do vulnerability scanning on their network before attackers did, but since attackers have moved from vulnerability scanning to fairly targeted penetration testing, companies now need to carry out penetration testing before the attackers do," he told ServerWatch.

Pescatore recommends that any company involved with online transactions, which allows inbound connections and potentially exposing customer information, have an outside consultancy perform penetration testing at least once a year. Larger companies should carry out additional tests on their servers more frequently, either through a consultant or with automated penetration testing tools.

Penetration testing tools have really come of age in the past 12 months or so, both commercial products aimed at the corporate market place, and free tools like Metasploit framework 3. It's probably not an exaggeration to say that the power of Metasploit has really moved the goalposts, making it far easier for hackers to carry out their own penetration "tests."

Having said that, there's no doubt that the best way to pen test your network is to employ a good outside consultant. A skilled human is more likely to find a way in than even the best software tool will; an outsider is likely to be more effective because familiarity with your own network can leave you blinkered to possible vulnerabilities. "There is an issue that when internal people test things, because they fall into a pattern of testing and tend not to find paths through less-valuable assets," said Pescatore.

Saturday, July 21, 2007

Risk-based testing

Top ten results from Google.co.uk for risk-based testing:

[PDF] Heuristic Risk-Based Testing
Well, now that you know what risk-based testing is, I can devote the rest ..... deal with the risk of poor risk analysis, don’t let risk-based testing be ...
www.satisfice.com/articles/hrbt.pdf

[PDF] Troubleshooting Risk-Based Testing
Risk-based testing is a skill. It’s not easy to know the ways that a product ... Often when I hear someone talk about risk-based testing, they seem to be ...
www.satisfice.com/articles/rbt-trouble.pdf

Article info : A Strategy for Risk-Based Testing
The fact that you test an application extensively does not itself render the application more stable. However, NOT testing an application increases the risk ...
www.stickyminds.com/se/S7566.asp - 19 Jul 2007

Site Search : Detail
Well, now that you know what risk-based testing is, I can devote the rest of the ..... This is probably the simplest way to organize risk-based testing. ...
www.stickyminds.com/sitewide.asp?ObjectId=1800&ObjectType=ART&Function=edetail - 19 Jul 2007

[PDF] Risk based testing
Risk based testing. Strategy. Objective: Find the most important defects as early ..... James Bach, Risk Based Testing, STQEMagazine, Vol1, No. 6, ...
www.cs.tut.fi/tapahtumat/testaus04/schaefer.pdf

[DOC] Risk-Based Testing and Metrics
The risk based test approach is highly dependent on using qualified testers, i.e. testers with experience within the application area and preferable with ...
www.amland.no/WordDocuments/EuroSTAR99Paper.doc

Risk Based Testing for E-Business, Web and Internet
Risk Based E-Business Testing is a hands-on guide for business, project and test managers and test practitioners presents an effective approach for using ...
www.riskbasedtesting.com/

BBST Risk-Based Testing
Risk-based testing (in my view) focuses on the ways the program can fail--imagine how the program can fail and design tests to trigger those failures. ...
www.testingeducation.org/BBST/BBSTRisk-BasedTesting.html

[PDF] Theory and practice of risk-based testing
This paper extends a theory of risk-based test planning that was outlined in a .... for safety risk analysis, this set is likely to cover risk-based testing ...
www.csr.ncl.ac.uk/FELIX_Web/1B.R-BT%202.pdf

Software testing services - Acutest
The independent software testing consultancy specialising in testing IT and technology centred change offers risk based testing services for development and deployment initiatives, ...
www.acutest.co.uk/

Saturday, July 07, 2007

Need for independent software testing companies

I read an old article recently on independent software testing. It was about the Indian testing market but much of it related to the UK software testing market as well.

Need for Independent Software Testing Companies

You can't let a fox guard the henhouse. How often have we heard developers say "It works on my machine, you must be doing something wrong!" to dismiss reported defects? According to Arindum Basu, VP and head of Independent Testing Practice, Kanbay, the rigor, incisiveness and 'nothing is holy' belief ensures that defects are trapped before they hit the clients. Sharad Sharma, vice president, product operations, Veritas Software India says, "the need of independent software testing firms is required by the market space".

Independent testing brings many advantages to companies, asserts V Chandrashekaran, CEO, Aztec Software and Technology Services. For one, it brings in objectivity, rigor and transparency to the testing and defect reporting process. In the process, companies can also gain time-to-market by outsourcing parallel activities in the product life cycle development. Most importantly, it provides checks and balances against the development team by being the 'eyes and ears' of the end-user/client. Aztec Software and Technology Services recently acquired Disha Technologies, a software product testing company.

India has around 8 to 10 independent software testing firms. SNS Technologies, for instance, has focused purely on product testing since 1989. Managing director Ashish Shah has big plans for his company. His company hopes to touch the 250 people mark by 2005, and is targeting the UK market this year.

For the full article visit: http://www.dqindia.com/content/special/2005/105012501.asp

Sunday, July 01, 2007

Integration testing

Top 5 results when searching for Integration testing on MSN.co.uk

Living Glossary
... during program execution. instrumenter: A software tool used to carry out instrumentation. integration: The process of combining components into larger assemblies. integration testing: Testing ...
www.testingstandards.co.uk/living_glossary.htm

Integration Testing White Papers, Integration Testing Webcasts ...
Find Integration Testing white papers, case studies, webcasts and product information to help you ... Your request for Integration Testing resources returned limited or no results.
research.pcpro.co.uk/rlist/term/Integration-Testing.html
· 28/06/2007

Software testing services - Acutest
The independent software testing consultancy specialising in testing IT and technology centred change offers services, clients, careers, out of hours and a location map.
www.acutest.co.uk

System Integration Testing (S.I.T.)
System Integration Testing and Verification ... System Integration Testing (S.I.T.) is the testing of the sub-systems, as a whole, to ensure that ...
www.sharpy.dircon.co.uk/index_files/SystemIntegrationTesting.htm
· 28/06/2007

integration testing from FOLDOC
integration testing: A type of testing in which software and/or hardware components are combined and tested to confirm that they interact according to their requirements.
foldoc.org/?integration+testing