Develop software security testing model - ocawley/ittsqa22 GitHub Wiki

In today’s society, where most people have access to the internet, the security of people’s personal information is paramount.

[1] "Consumers are more mobile than ever, but leaving security behind. Despite the fact that 63 percent of those surveyed own smartphones and 30 percent own tablets, nearly one-in-two don’t take basic precautions such as using passwords, having security software or backing up files on their mobile device."

Good security practices are essential not only for the users of software but also for the developers behind it. Whether it is a web browser on a laptop or an app on a mobile device, an application which is found to be vulnerable can have a devastating impact on a company’s reputation.

Risk analysis

Once all of the user requirements are gathered, an elaborate risk analysis is carried out. Testing must be carried out early in the development lifecycle, which avoids costly changes later on. The risk analysis should answer the following questions:

  • What personal details will the application store?
  • How will that data be stored?
  • What sort of attacks could exploit the application, and what are the defences against them?

Training

Staff and developers should be kept up to date and informed as security policies and procedures are updated and changed. They should also be kept well versed in attack techniques and the different attack trends. This ensures good coding practices at the early stages of coding and fewer security bugs and vulnerabilities, which in turn keeps costs to a minimum.

Encryption

Although an application may still be hacked, the use of good encryption techniques can minimise the impact. Encryption algorithms play a vital part in security on the internet and in applications.

[1] 2013 Norton Report | Symantec. 2014. 2013 Norton Report | Symantec. [ONLINE] Available at: http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=norton-report-2013. [Accessed 25 September 2014].
