Archive for June, 2017

How To Identify And Manage Software Testing Risks

26th June, 2017

Software testing is a complex process that involves in-depth identification and management of potential risks. These may concern different aspects of software development, such as legal liabilities, security, data integrity, project failure, nonconformity to quality standards etc.

Mainly, the risks can be classified into two types:

  • Product Risk: Also known as quality risk, it refers to the potential inability of a software to meet the expectations of the end users or stakeholders.
  • Project Risk: This involves factors that may delay or hamper the software testing project, such as unavailability of a test environment, shortage of staff, lack of required skills, delay in fixing issues etc.

Given below is a step by step guide to risk management in software testing:

Risk Identification

The most important step in identification is to analyze the risks faced in previously developed software programs. Go through the project plan carefully and analyze the elements that may be vulnerable to any type of security risk. It is important to assess the risks in line with the objectives of the project. For a better understanding, you can create a flowchart and document all the risks in detail so that they are retained in the project memory.

Risk Prioritization

It is recommended to sort the risk list on the basis of priority. This can be done on two basic principles: the probability of the risk being manipulated and the consequences it can have for the users as well as stakeholders. Rank each risk on a scale of 1 to 10 or high to low. Analyzing both these aspects in conjunction will give you an idea of which risks are high in severity and need to be managed immediately.

Risk Management

Once all the risks have been analyzed and prioritized, the following measures may be applied to fix them:

  • Avoidance: This may be used if the risk is concerned with a new or minor element in the software. It involves delaying the release of the element, provided that it does not play a major role in the functioning of the software.
  • Transfer: In this, the risk management process is outsourced to a specialist who has the required tools and expertise to fix the problems identified. It may increase the overall cost of the project.
  • Acceptance: Any risk that cannot be treated due to factors like cost or non-availability of skilled staff has to be accepted. It will be present in the current as well as future versions of the software.

For more information and tips on software testing, feel free to contact Centex Technologies at (855) 375 – 9654.


Secure Coding Guidelines For Mobile Apps

19th June, 2017

Mobile applications play a major role in almost all the tasks that we perform on a daily basis. From social networking and checking emails to shopping and paying utility bills, there is an application for everything. However, given such extensive usage, hackers have left no stone unturned to jeopardize the security of mobile apps. This is usually done to steal customers' sensitive information, gain control over a server or a user's computer, or make the app inaccessible. Developing secure code is essential to keep the app safeguarded against such attacks.

Listed below are a few factors that must be kept in mind in order to write secure code for your mobile app:

Ask Only The Required Information

When a customer signs up to the app, you should not present an extensive form to fill in. Make sure you ask only for the data that is absolutely required to complete the sign-up process. Irrelevant information will take time to process, take up a lot of disk space and give hackers a reason to break into your network. As far as possible, you must try to keep the form fields simple and small.

Perform Input Validation

Form fields in an application serve as the most common access points for hackers. An attack may be carried out by entering unusual and arbitrarily long strings of data into the form with the goal of rendering the app unusable. It may also lead to database corruption or manipulation and system crashes. Therefore, it is important that you regularly test user input and validate it against predefined type, length, format and range criteria.
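The following is an added example, not code from the original post: a server-side check of a sign-up form against type, length, format and range criteria. The field names, limits and patterns are assumptions chosen for illustration.

```python
import re

# Constructed schema for a sign-up form; field names and limits are assumptions.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,30}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
AGE_RE = re.compile(r"[0-9]{1,3}")  # ASCII digits only; str.isdigit() accepts other scripts too
MAX_EMAIL_LEN = 254
AGE_MIN, AGE_MAX = 13, 120
FIELDS = ("username", "email", "age")


def validate_signup(form):
    """Check type, length, format and range. Returns (cleaned, errors)."""
    errors = {}
    # Fields the form never asked for are rejected, not silently ignored.
    for name in form:
        if name not in FIELDS:
            errors[name] = "unexpected field"
    for name in FIELDS:
        value = form.get(name)
        if value is None:
            errors[name] = "missing"
        elif not isinstance(value, str):  # type: form values arrive as text
            errors[name] = "wrong type"
    if errors:
        return None, errors

    # fullmatch() anchors both ends, so a trailing newline or suffix is rejected.
    if not USERNAME_RE.fullmatch(form["username"]):  # length and format
        errors["username"] = "bad length or format"
    email = form["email"]
    # Length is checked before the regex so oversized input is never scanned.
    if len(email) > MAX_EMAIL_LEN or not EMAIL_RE.fullmatch(email):
        errors["email"] = "bad length or format"
    if not AGE_RE.fullmatch(form["age"]):  # format
        errors["age"] = "bad format"
    elif not AGE_MIN <= int(form["age"]) <= AGE_MAX:  # range
        errors["age"] = "out of range"
    if errors:
        return None, errors
    return {"username": form["username"], "email": email,
            "age": int(form["age"])}, {}


if __name__ == "__main__":
    # Constructed inputs: one well-formed form, one with oversized and invalid values.
    print(validate_signup({"username": "maria_k", "email": "maria@example.com", "age": "34"}))
    print(validate_signup({"username": "A" * 10000, "email": "x", "age": "200"}))
```
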

Use Encryption For Sensitive Data

Data encryption is extremely important as it prevents hackers from viewing, accessing, manipulating or stealing any information. Make sure you add encryption to the application's code to keep all the sensitive data and authentication credentials absolutely secure. This will prevent them from getting leaked through logs or web cache. All the transactions should take place over a secure channel. You must implement stringent checks for attacks that involve manipulating form fields, changing amounts, recording credit card details etc.

For more tips on developing secure code for your mobile application, you can contact Centex Technologies. We can be reached at (855) 375 – 9654.
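One way to implement the check against manipulated form fields and changed amounts, shown as an added example that is not code from the original post: the server attaches an HMAC tag (an integrity check, not encryption) to the amount it issued and rejects any submission whose fields no longer match. The field names and the per-process key are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the key never leaves the server. It is generated per process
# here only so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)


def _mac(order_id, amount_cents, currency):
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    parts = [order_id.encode(), str(amount_cents).encode(), currency.encode()]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_checkout(order_id, amount_cents, currency):
    """Server side: build the form the app will later submit back."""
    return {"order_id": order_id, "amount_cents": amount_cents,
            "currency": currency, "tag": _mac(order_id, amount_cents, currency)}


def verify_checkout(form):
    """Return True only if the fields are exactly what the server issued."""
    try:
        order_id, currency = form["order_id"], form["currency"]
        amount, tag = form["amount_cents"], form["tag"]
    except KeyError:
        return False
    # Type and range checks come first; bool is excluded by the exact type test.
    if not (isinstance(order_id, str) and isinstance(currency, str)
            and isinstance(tag, str) and type(amount) is int and amount > 0):
        return False
    expected = _mac(order_id, amount, currency)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    form = issue_checkout("ord-1001", 4999, "USD")  # constructed sample order
    print(verify_checkout(form))                         # untouched form
    print(verify_checkout(dict(form, amount_cents=1)))   # amount changed on the client
```

Where the server can look the price up again from its own records, recomputing the amount at submission time is the simpler check; the tag is useful when the issued values must travel through the client.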


Cyber Security Risks In The Health Care Industry

12th June, 2017

The drastic increase in hacking attacks against medical institutions reveals that the health care industry has become a prime target for cyber criminals. As most of the services and information are provided online, hackers have found a convenient way to gain access to the internal network and extract sensitive data that can be used for malicious purposes. This can have serious financial and reputational repercussions for the targeted institution.

Given below are some of the common cyber security risks faced by the health care industry:

Phishing Attacks

Phishing attacks have become a common technique to extract confidential information through social engineering methods. Moreover, the high demand for patients' medical records in the black market lures hackers even more to carry out such attacks. To avoid becoming a victim, the hospital staff should be educated about the precautionary measures. They should be cautious while clicking on embedded links or downloading attachments received in emails from unknown senders. They should also not share any information without confirming that the email has been sent by authorized personnel.

Ransomware

In order to further capitalize on the loopholes in a health care institution's network security, hackers are using ransomware. It is a type of malware that locks down the files and data stored on the infected computer system, making them inaccessible to authorized users. The malware then pops up a message on the computer screen, asking the victim to pay a certain amount of ransom to unlock the files. Hospitals must make sure that they have a complete backup of the patient records so that hackers cannot gain anything out of a ransomware attack.

Cloud Threats

As health care institutions are constantly making the switch to cloud computing, there are a lot of variables concerning data security that need to be accounted for. Unrestricted file permissions and software vulnerabilities may provide a backdoor for the hackers to view or steal the files in the cloud. Ensure that you know exactly what information and assets have been uploaded to the cloud. Implement strict encryption policies for all the sensitive data. Determine the employees as well as computer systems that can have access to the information and to what extent.

We, at Centex Technologies, provide complete cyber security solutions to clients in Central Texas. For more information, you can call us at (855) 375 – 9654.
