Dear readers,
One of my professors at the university once said to all of us: Computer scientists
are at some point criminals. What he meant was that we, or some of us – computer
scientists – at some point like to try things that are not that “legal”. Most of
us are “clean”, but some of us are “free time hackers”!
Nowadays hackers are far removed from the 17-year-old guy trying to break
into some website and so on. They are now adults, with families, cars, pets,
holidays and a job. They are professionals earning money for acting as such.
Application Security is not only important and essential for companies and
their businesses, technology and employees. Application Security is a macroeconomic
issue for countries. There are a lot of secret services or government
agencies working on getting technology or information through advanced hacking of the
servers and databases of top companies or governments worldwide. When we hear
that some countries could be behind the penetration of the USA electricity network,
you can imagine what is going on out there.
Are we testers prepared for that job? I’m not! Last year we had the first tutorial
by Manu Cohen about Application Security Testing. It was amazing what you can
do in a few minutes using the right tools! Even as a computer scientist, your eyes
are opened wide. We saw after the first tutorial that we need to give the attendees
attack skills; they should also learn to attack and to think how a hacker thinks. The
second tutorial some weeks ago was a two-day introduction to practical hacking.
It was an even bigger success.
We - as testers - have to be given specific knowledge on security testing to do the
job in the right way. As well as this tutorial by Manu Cohen there is an initiative
called ISSECO. ISSECO has defined a syllabus for a certification as professional
for secure software engineering. This is more than testing; security already starts
with the requirements and design of the application. It is a part of the whole process.
This is a step in the right direction!
Security is becoming essential and that’s why we will issue a new magazine on this
topic called Security Acts. The first issue is going to be released in October 2009.
It will appear quarterly too. Please send us your proposals for articles.
The program for Testing & Finance is ready and I hope to see you there. We
have great speakers!