Archive for category Security

How To Identify And Manage Software Testing Risks

26th June, 2017

Software testing is a complex process that involves in-depth identification and management of the potential risks. These may be concerned with different aspects of software development, such as legal liabilities, security, data integrity, project failure, nonconformity to quality standards etc.

Mainly, the risks can be classified into two types:

  • Product Risk: Also known as quality risk, it refers to the potential inability of a software to meet the expectations of the end users or stakeholders.
  • Project Risk: This involves factors that may delay or hamper the software testing project, e.g. unavailability of a test environment, shortage of staff, lack of required skills, delay in fixing issues etc.

Given below is a step by step guide to risk management in software testing:

Risk Identification

The most important step in identification is to analyze the risks faced in the previously developed software programs. Go through the project plan carefully and analyze the elements that may be vulnerable to any type of security risk. It is important to assess the risks in line with the objectives of the project. For a better understanding, you can create a flowchart and document all the risks in detail so that they can be retained in the project memory.

Risk Prioritization

It is recommended to sort the risk list on the basis of priority. This can be done on two basic principles: the probability that the risk materializes and the consequences it can have for the users as well as stakeholders. Rank each risk on a scale of 1 to 10 or high to low. Analyzing both these aspects in conjunction will give you an idea about the risks that are high on severity and need to be managed immediately.

Risk Management

Once all the risks have been analyzed and prioritized, the following measures may be applied to fix them:

  • Avoidance: This may be used if the risk is concerned with a new or minor element in the software. It involves delaying the release of the element, provided that it does not play a major role in the functioning of the software.
  • Transfer: In this, the risk management process is outsourced to a specialist who has the required tools and expertise to fix the problems identified. It may increase the overall cost of the project.
  • Acceptance: Any risk that cannot be treated due to factors like cost or non-availability of skilled staff has to be accepted. It will be present in the current as well as future versions of the software.

For more information and tips on software testing, feel free to contact Centex Technologies at (855) 375 – 9654.


Secure Coding Guidelines For Mobile Apps

19th June, 2017

Mobile applications play a major role in almost all the tasks that we perform on a daily basis. From social networking and checking emails to shopping and paying utility bills, there is an application for everything. However, given such extensive usage, hackers have left no stone unturned to jeopardize the security of mobile apps. This is usually done to steal customers' sensitive information, gain control over a server or a user's computer, or make the app inaccessible. Writing secure code is essential to keep the app safeguarded against such attacks.

Listed below are a few factors that must be kept in mind in order to write secure code for your mobile app:

Ask Only The Required Information

When a customer signs up to the app, you should not present an extensive form to fill in. Make sure you ask only for the data which is absolutely required to complete the sign up process. Irrelevant information will take time to process, take up a lot of disk space and give hackers a reason to break into your network. As far as possible, you must try to keep the form fields simple and small.

Perform Input Validation

Form fields in an application serve as the most common access points for hackers. An attacker may enter unusual and arbitrarily long strings of data into the form with the goal of rendering the app unusable. Such input may also lead to database corruption or manipulation and system crashes. Therefore, it is important that you regularly test how the app handles user input and validate that input against predefined type, length, format and range criteria.
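The two points above (accept only the fields you need, and check each one for type, length, format and range) can be combined in one server-side validator. The following is an added example, not code from the original post; the field names, limits and the `validate_signup` function are assumptions chosen for illustration.

```python
import re

# Hypothetical sign-up schema: only the fields the sign-up flow needs.
SCHEMA = {
    "username": {"type": str, "min_len": 3, "max_len": 32,
                 "pattern": re.compile(r"[A-Za-z0-9_]+")},
    "email":    {"type": str, "min_len": 6, "max_len": 254,
                 "pattern": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")},
    "age":      {"type": int, "min": 13, "max": 120},
}


def validate_signup(form):
    """Return (clean, errors). clean is populated only when errors is empty."""
    errors = {}
    # Reject fields the form never asked for instead of silently storing them.
    for name in form:
        if name not in SCHEMA:
            errors[name] = "unexpected field"
    for name, rule in SCHEMA.items():
        if name not in form:
            errors[name] = "missing"
            continue
        value = form[name]
        # Type check; bool is a subclass of int in Python, so exclude it.
        if not isinstance(value, rule["type"]) or isinstance(value, bool):
            errors[name] = "wrong type"
        elif rule["type"] is str:
            # Length first, so oversized input never reaches the regex engine.
            if not rule["min_len"] <= len(value) <= rule["max_len"]:
                errors[name] = "bad length"
            elif not rule["pattern"].fullmatch(value):
                errors[name] = "bad format"
        elif not rule["min"] <= value <= rule["max"]:
            errors[name] = "out of range"
    clean = {} if errors else {k: form[k] for k in SCHEMA}
    return clean, errors


# Constructed sample input, not taken from any real application.
SAMPLES = [
    {"username": "alice_01", "email": "alice@example.com", "age": 30},
    {"username": "A" * 5000, "email": "not-an-email", "age": 7},
    {"username": "bob", "email": "bob@example.com", "age": "30", "ssn": "x"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(validate_signup(sample))
```

The same checks must run on the server even if the mobile client also validates, because requests can be sent to the backend without going through the app's form.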

Use Encryption For Sensitive Data

Data encryption is extremely important as it makes the hackers unable to view, access, manipulate or steal any information. Make sure you add encryption to the application’s code to keep all the sensitive data and authentication credentials absolutely secure. This will prevent them from getting leaked through logs or web cache. All the transactions should take place over a secure channel. You must implement stringent checks for attacks that involve manipulating form fields, changing amounts, recording credit card details etc.

For more tips on developing secure code for your mobile application, you can contact Centex Technologies. We can be reached at (855) 375 – 9654.


Cyber Security Risks In The Health Care Industry

12th June, 2017

The drastic increase in hacking attacks against medical institutions reveals that the health care industry has become a prime target for cyber criminals. As most of the services and information are provided online, hackers have found a convenient way to gain access to the internal network and extract sensitive data that can be used for malicious purposes. This can have serious financial and reputational repercussions for the targeted institution.

Given below are some of the common cyber security risks faced by the health care industry:

Phishing Attacks

Phishing attacks have become a common technique to extract confidential information through social engineering methods. Moreover, the high demand for patients' medical records in the black market lures the hackers even more to carry out such attacks. To avoid being a victim, the hospital staff should be educated about the precautionary measures. They should be cautious while clicking on embedded links or downloading attachments received in emails from unknown senders. They should also not share any information without confirming that the email has been sent by authorized personnel.

Ransomware

In order to further capitalize on the loopholes in a health care institution's network security, hackers are using ransomware. It is a type of malware that locks down the files and data stored on the infected computer system, making them inaccessible for the authorized users. The malware then pops up a message on the computer screen, asking the victim to pay a certain amount of ransom to unlock the files. Hospitals must make sure that they have a complete backup of the patient records so that hackers cannot gain anything out of a ransomware attack.

Cloud Threats

As health care institutions are constantly making the switch to cloud computing, there are a lot of variables concerning data security that need to be accounted for. Unrestricted file permissions and software vulnerabilities may provide a backdoor for the hackers to view or steal the files in the cloud. Ensure that you know exactly what information and assets have been uploaded to the cloud. Implement strict encryption policies for all the sensitive data. Determine the employees as well as computer systems that can have access to the information and to what extent.

We, at Centex Technologies, provide complete cyber security solutions to clients in Central Texas. For more information, you can call us at (855) 375 – 9654.


Most Important Things To Keep Your Android Device Secure

29th May, 2017

Keeping an Android smartphone or tablet secure requires a lot more than adding a PIN or password lock. Any malicious app download or connection to an unsecured wireless network can not only jeopardize your online privacy, but also increase the risk of loss/theft of your confidential data.

Given below are some tips that can help you to improve the security of your Android device:

Lock all the apps and media

In addition to the screen lock, you can add an extra layer of protection by restricting access to the apps and media. This is particularly important for the apps that hold your private and sensitive information, such as social networking, email, online banking etc. This will prevent anyone from using your Android device, specifically if it has been lost or stolen. Make sure you select different PIN and password combinations for each app.

Download apps only from trusted sources

Your device's default settings restrict downloading apps from any other source except Google Play Store. You should not change these settings as it may put your device's security at risk. All apps on the Play Store are scanned for malware and other potential threats, which makes them safe to use. If you want to download third party applications, make sure you check their reliability and reviews before doing so. You should also go through the app permissions carefully. Do not install an app that seems to ask for permissions that are not required for its functioning.

Get virus and malware protection

Android, being open source software, is at a higher risk of hacking attacks and security breaches. Simply clicking on a link or downloading a file can infect your device with viruses and malware. Therefore, it is recommended that you download anti-virus and anti-malware software. Run frequent scans to identify and remove any potentially harmful files from your device.

Use Android device manager

Android device manager can be really helpful in case your phone is lost or stolen. It allows you to lock your device and erase all the data stored on it, from a remote location. You can also track the location of the device using GPS technology. Once enabled, Android device manager works even after someone uninstalls the app from your device.

For more information on Android device security, feel free to contact Centex Technologies at (855) 375 – 9654.


Bloatware: What It Is And How To Get Rid Of It

22nd May, 2017

Bloatware, also known as crapware, refers to the multiple pre-installed applications and software programs on a computer system that do not serve any important function. It usually consumes a lot of RAM and storage space on the hard disk, causing the system to work slowly. Certain types of bloatware are easy to detect, e.g. they may be present as a desktop icon or a start menu shortcut. However, some of them may remain unidentified and just clutter the computer system.

Types Of Bloatware

Trialware: These are the trial versions of software that are installed for a specific period of time, usually a week or a month. They mainly include anti-virus and anti-malware programs, which need to be purchased if one wants to use them after the trial period is over. In most cases, trialware can be easily identified and uninstalled.

Adware: This is one of the most annoying types of trialware that pops up unwanted ads on the computer screen. It can not only hamper your internet browsing experience, but also slow down your PC and make it vulnerable to various hacking attacks.

Utility Applications: Computer manufacturers may install certain utility applications that allow users to troubleshoot any hardware/software problems, update programs, install third party browser toolbars etc. The purpose served by these applications is similar to the in-built programs of the operating system. Add-on software to create videos, edit photos, play DVDs and other media or write CDs also come under the category of bloatware.

Tips To Remove Bloatware From Computer System

One of the best ways to completely uninstall bloatware from your computer is to wipe the hard drive and re-install the operating system. This will delete all software installed on the system and you can install the ones that are required. If you simply use the system's recovery utility, it will install all the applications again, including the bloatware.

Another option is to perform the uninstallation process manually from the control panel. Identify and delete the software that you do not use. However, it may leave certain associated files or programs on your computer. For applications that are operated by the Windows registry, it is recommended that you perform a complete uninstall from the software vendor’s website.

We, at Centex Technologies, offer efficient computer security solutions to the organizations in Central Texas. For more information on bloatware, you can call us at (855) 375 – 9654.
