Software Security Testing in China

by Felipe Trujillo (2020-01-20)

Testing activities take place throughout the software life cycle, including security testing, which is used to reduce software vulnerabilities and control potential future costs. Usually the software life cycle starts with the need for a software product determined by an organization. In other words, this phase determines what the product looks like and how it functions.

Security testing does not have to wait until the software requirements are written or a risk analysis is complete: past experience can show many ways in which attackers might intrude into a similar system. Still, in the initial step of software development it is crucial to write requirements and analyze risks. Testing is driven by both risks and requirements, and risks are especially important in security testing, since severe security risks are often uncovered by security analysis. In fact, a security risk analysis is an integral part of secure software development and helps drive requirements derivation and system design.

The process involves developing test cases for mitigations, risks and requirements. If mitigations are planned for a particular risk, then the security evaluation should focus on those mitigations and on the underlying risk itself. When faced with time pressure, testers are asked to spend less time examining a less severe, already mitigated risk.

Functional security evaluation usually begins when the software is available to test, and a detailed test plan should be prepared for this phase. The following are the activities related to security testing.

Risk Analysis

Risk analysis is the foundation of risk-based prioritization: it ranks testing activities by priority, so that under time pressure the lower-priority cases can be left untested. The risks identified should be used to:

Develop an all-round test strategy that includes scope definition, the selection of applicable techniques, and the determination of the environment and of acceptable coverage metrics.

Develop particular tests based on the threats, vulnerabilities and assumptions identified by the risk analysis.

Increase coverage of, and focus on, the risky areas identified by the analysis.

Select data inputs based on the threats and usage profiles produced by the risk analysis.
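As an added illustration (not code from the article), the following Python sketch applies the prioritization rule described above: each identified risk gets a likelihood-times-impact score, a risk that already has a planned mitigation is weighted down, and test cases are then selected in score order until the available time is used up. The weights, rating scales and sample risks are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int          # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int              # 1 (negligible) .. 5 (severe), assumed scale
    mitigated: bool = False  # a mitigation is planned for this risk

@dataclass(frozen=True)
class TestCase:
    name: str
    risk: Risk
    hours: float             # estimated effort to execute the test

MITIGATED_WEIGHT = 0.5       # assumption: a mitigated risk gets half the weight
def risk_score(risk: Risk) -> float:
    """Likelihood x impact, discounted when a mitigation is already planned (the test still runs, to verify the mitigation, but ranks lower)."""
    base = float(risk.likelihood * risk.impact)
    return base * MITIGATED_WEIGHT if risk.mitigated else base

def prioritise(tests, budget_hours):
    """Rank tests by risk score (highest first, cheaper first on ties) and pick them greedily while they fit the time budget; returns (selected, skipped)."""
    ranked = sorted(tests, key=lambda t: (-risk_score(t.risk), t.hours, t.name))
    selected, skipped, remaining = [], [], budget_hours
    for t in ranked:
        if t.hours <= remaining:
            selected.append(t)
            remaining -= t.hours
        else:
            skipped.append(t)   # does not fit in the remaining time
    return selected, skipped

# Constructed sample risks and tests (hypothetical, for illustration only).
DATA_EXPOSURE = Risk("confidential data exposed via report export", 4, 5)
AUTHZ_BYPASS = Risk("user performs a task outside their authorization", 3, 5)
ERROR_LEAK = Risk("error page reveals internal details", 4, 3, mitigated=True)
WEAK_PASSWORD = Risk("password policy not enforced", 5, 1)
SAMPLE_TESTS = [
    TestCase("export report as low-privilege user", DATA_EXPOSURE, hours=6),
    TestCase("invoke admin-only task as normal user", AUTHZ_BYPASS, hours=4),
    TestCase("verify generic error page mitigation", ERROR_LEAK, hours=2),
    TestCase("check password rules at registration", WEAK_PASSWORD, hours=1),
]

if __name__ == "__main__":
    chosen, dropped = prioritise(SAMPLE_TESTS, budget_hours=11)
    print("run:", [t.name for t in chosen], "skip:", [t.name for t in dropped])
```

With an 11-hour budget the two high-impact risks are tested first, the mitigated error-page risk is pushed below the cheap password check and ends up skipped, which is the trade-off the text describes for a less severe, mitigated risk under time pressure.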

Creating a Plan

A test plan is made to organize the security testing process. It outlines the tasks and the procedures to be used for each task. The purpose of planning is to make the process as automatic as possible.

Establishing the Environment

The test environment is crucial for efficient and effective testing. For enterprise-level software systems, the environment may be much more complex. Security testers need more control over the environment than other testers, because they must examine and manipulate the interactions between the software and its environment in more detail when looking for weaknesses that an attacker could use, and so they must be able to control those interactions. Setting up the test environment early may prevent unforeseen testing delays and helps ensure a thorough understanding of the risks associated with the operational environment.

Software testing in China developed to meet the needs of the market. As an emerging industry in China, software testing is becoming more and more popular and has great potential. Chinese software development is growing at high speed with the rise of smartphones, tablets and similar devices, which indicates that software testing is booming as well. As an essential step, security testing in China has gained more weight and made more progress. The contributions of this task include ensuring that confidential data is not exposed to unauthorized individuals and that users can only perform the tasks they are authorized to perform. In China, enterprises and developers have paid great attention to this process. In the coming years, software testing in China is expected to have good prospects.

