The terms ‘Cyber Security’ and ‘IT Security’ are often used largely interchangeably, but there are some subtle differences between the two. ‘Cyber Security’ refers predominantly to securing an individual device, such as a single PC or smartphone; ‘IT Security’ is applied more broadly to an entire system, from single devices up to entire networks.
Our colleague Tom Cowley recently worked on a cyber security training course. Here are his top 5 learnings and their relevance for software testing.
Password reuse is the bane of cyber security. Compromising a single database can give attackers access to potentially tens of thousands of accounts on entirely unrelated services, wherever the same credentials have been reused.
Cross-Principle Applications to Testing: Database security is paramount and should be a key priority when testing any account-based system.
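One concrete thing a tester can check in an account-based system is how credentials are stored: a leaked table of salted, slow hashes is far less useful to an attacker than a table of plaintext or fast unsalted hashes, which limits the damage that password reuse can do. The following is an added example, not code from the original post or from any product it describes; the record format, the function names and the audit thresholds are assumptions made for this illustration, and the hashing uses Python's standard-library PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Added example: salted PBKDF2 credential storage, verification and a small
# audit helper for testers. The record layout "algorithm$iterations$salt$digest"
# and the threshold values below are assumptions for this illustration.

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # order of magnitude recommended for PBKDF2-HMAC-SHA256
MIN_SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(MIN_SALT_BYTES)   # fresh random salt per credential
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored parameters and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False                        # malformed or unknown record: never accept
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_record(record: str) -> List[str]:
    """Flag weaknesses in one stored credential record; an empty list means no finding.

    Meant to be run over a dump of the users table during testing, so that a
    plaintext column, a fast hash or a short salt is caught before a real leak does.
    """
    findings: List[str] = []
    parts = record.split("$")
    if len(parts) != 4:
        return ["not a recognised hash record (possibly plaintext)"]
    algorithm, iterations, salt_hex, _ = parts
    if algorithm != ALGORITHM:
        findings.append(f"unsupported algorithm {algorithm}")
    if int(iterations) < DEFAULT_ITERATIONS:
        findings.append(f"iteration count {iterations} below {DEFAULT_ITERATIONS}")
    salt_len = len(bytes.fromhex(salt_hex))
    if salt_len < MIN_SALT_BYTES:
        findings.append(f"salt is {salt_len} bytes, shorter than {MIN_SALT_BYTES}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the same password stored for two different services.
    site_a = hash_password("correct horse battery staple")
    site_b = hash_password("correct horse battery staple")
    print("records differ despite identical password:", site_a != site_b)
    print("verify:", verify_password("correct horse battery staple", site_a))
    print("audit of a plaintext column:", audit_record("hunter2"))
```

Because every record carries its own salt, two services that store the same password end up with unrelated digests, so a dump of one table cannot be matched against the other without first cracking it; the audit helper is the kind of check a tester would run across a whole table rather than against one account.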
Two-step authentication dramatically increases the security of an account, and it should always be enabled where available.
Cross-Principle Applications to Testing: Any secondary authentication measure that is included should be tested thoroughly across a broad variety of platforms.
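Testing a secondary authentication step thoroughly means more than checking that the right code is accepted: the verifier also has to reject stale codes, tolerate a small amount of clock drift, refuse a code that has already been used, and compare in a way that does not leak timing. The following is an added example, not code from the original post or from any product it describes; it implements time-based one-time passwords as specified in RFC 6238 (HOTP from RFC 4226 over a 30-second time step) using only the Python standard library, and the function names and the replay-tracking parameter are assumptions for this illustration.

```python
import hmac
import struct
import time
from typing import Optional

# Added example: RFC 6238 TOTP verifier with drift window and replay rejection.
# Function names and the "last_counter" replay parameter are assumptions made
# for this illustration; the algorithm itself follows RFC 4226 / RFC 6238.


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6,
         algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time."""
    return hotp(secret, int(for_time) // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, for_time: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1,
                last_counter: Optional[int] = None) -> Optional[int]:
    """Return the time-step counter the code matched, or None if it is rejected.

    window: how many steps either side of "now" are accepted, to absorb clock drift.
    last_counter: the counter of the last code accepted for this user; any counter
    at or below it is refused so that an intercepted code cannot be replayed.
    The caller is expected to persist the returned counter as the new last_counter.
    """
    if for_time is None:
        for_time = time.time()
    current = int(for_time) // step
    expected = code.encode("utf-8")
    for counter in range(current - window, current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue                                    # already used: replay
        candidate = hotp(secret, counter, digits).encode("ascii")
        if hmac.compare_digest(candidate, expected):    # constant-time comparison
            return counter
    return None


if __name__ == "__main__":
    # Constructed demo using the shared secret from the RFC 6238 test vectors.
    secret = b"12345678901234567890"
    code = totp(secret, 59, digits=8)
    print("code at T=59:", code)                                   # 94287082 per RFC 6238
    print("accepted 30 s later:", verify_totp(secret, code, 89, digits=8))
    print("accepted 90 s later:", verify_totp(secret, code, 150, digits=8))
    print("replayed:", verify_totp(secret, code, 59, digits=8, last_counter=1))
```

The RFC 6238 appendix publishes codes for fixed times and a fixed secret, which makes them ideal as regression tests for any verifier in any language: if a platform's implementation disagrees with those vectors, the fault is in that platform, not in the user's authenticator app.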
Limit the personal data associated with an account to the bare minimum.
Cross-Principle Applications to Testing: Test whether each item of stored data is actually necessary, so that any vulnerability that slips through exposes as little as possible.
Keep reputable security software active at all times and updated continually.
Cross-Principle Applications to Testing: Test subsystem isolation, determining whether any input point is vulnerable to malware insertion.
Do not fall into the trap of treating obscurity as a meaningful defence. In time, malicious individuals will find even the most obscure soft target.
Cross-Principle Applications to Testing: Apply thorough security testing principles to every possible input path.