London software testing news UK

HP Security test tool

Posted in security testing,Software testing,testing tool by testing in London on April 24, 2011

HP have released a new real-time security testing application. This development is rooted in a combination of the collateral from HP's recent acquisitions of SPI Dynamics (the WebInspect technology) and Fortify (On Demand SaaS solutions). This is partly shown in the testing tool’s name: HP Fortify Real Time Hybrid Analysis.

The security testing application helps identify security vulnerabilities in real time and prioritise these weaknesses in the defect tracking system. It can detect security attacks while they are happening and categorise the type of attack. The testing tool can then locate the root cause through code analysis.

Pen testing tool

Posted in security testing,testing tool by testing in London on November 27, 2009

From Secuobs

Firefuzzer is a penetration testing tool intended to find vulnerabilities in web pages, especially buffer overflows and XSS. It performs black-box scans over web pages: it targets the web page URL passed as a command-line argument and marks the text boxes within the HTML forms as the points at which to inject unacceptable data. FireFuzzer then injects random textual data and submits the forms to see whether exceptions are generated.
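A harness in the spirit of the Firefuzzer approach described above, written as an added example and not the tool's own code: it parses the text boxes out of an HTML form, fills them with random printable data of short, medium and oversized lengths, submits each case to an in-process handler standing in for the application under test, and records which submissions raised an exception. The sample form and the deliberately fragile handler are constructed for the example.

```python
import random
import string
from html.parser import HTMLParser
# Constructed sample page: a login form with two text boxes and a hidden field.
SAMPLE_HTML = """
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="hidden" name="csrf" value="abc123">
</form>
"""
class FormParser(HTMLParser):
    # fields: every named input with its default value; targets: text boxes to fuzz
    def __init__(self):
        super().__init__()
        self.fields, self.targets = {}, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""
            if a.get("type", "text") in ("text", "password", "search", "email"):
                self.targets.append(a["name"])
def parse_form(html):
    parser = FormParser()
    parser.feed(html)
    return parser.fields, parser.targets

def fuzz_form(html, handler, rounds=20, seed=0):
    """Submit the form `rounds` times with random text; return the cases that raised."""
    rng = random.Random(seed)
    fields, targets = parse_form(html)
    findings = []
    for i in range(rounds):
        data = dict(fields)            # hidden fields keep their default values
        for name in targets:           # short, medium and oversized payloads
            size = rng.choice([1, 64, 1024, 8192])
            data[name] = "".join(rng.choice(string.printable) for _ in range(size))
        try:
            handler(data)
        except Exception as exc:       # a crash is the finding; record what triggered it
            findings.append((i, type(exc).__name__, {k: len(v) for k, v in data.items()}))
    return findings

# Constructed stand-in for the application under test: it copies the user name into a
# fixed 256-byte buffer, so an oversized value raises ValueError (a crash-style failure).
def fragile_handler(data):
    buf = memoryview(bytearray(256))
    user = data["user"].encode("ascii")
    buf[:len(user)] = user             # fails when the input does not fit the buffer
```

Each finding carries the round number, the exception type and the length of every submitted field, which is enough to reproduce the case from the seed.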

Security Application Testing CoE (Centre of Excellence)

Posted in security testing,Software testing,testing tool by testing in London on July 28, 2009

Paladion have built an Application Security Testing Centre of Excellence in India around the HP Application Security Center software tool. It consists of a dedicated infrastructure, experienced security test professionals, and best practices and methods for HP Application Security Center. Its goal is to find and fix security vulnerabilities in software applications through the entire SDLC (Software Development Life Cycle).

DR test failure exposes high risk

Posted in security testing,Software testing by testing in London on July 7, 2009

From Washington Technology

One in four DR tests fails. Given that over one-third of respondents say they test their DR plans no more than once a year, enterprises may be at considerable risk. Among the reasons for the infrequent testing:

  • lack of resources (time) (48%),
  • budget resources (44%),
  • disruption to employees (44%), and
  • disruption to customers (40%).

“Forty percent of respondents reported that disaster recovery testing will impact their organisations’ customers and nearly one third reported that such testing could impact their organisation’s sales and revenue.”

One in four organisations do not test virtual environments. While improving (one in three last year), 36 percent of data residing on virtualized systems is still included in regular backups.

HP launches application security solutions

Posted in security testing,Software testing,testing tool by testing in London on April 16, 2009

From Sys-con

New offerings include:

  • HP Assessment Management Platform 8.0 – helps customers through its distributed, scalable web application security testing platform.
  • HP WebInspect 8.0 – helps customers thoroughly analyse complex web applications. This new release delivers fast, accurate security testing capabilities for web applications, including those built on emerging Web 2.0 technologies.

HP Assessment Management Platform 8.0 software helps customers set up a Center of Excellence (CoE) for application security. In a CoE model, a small team of security experts helps analyse the results of security tests that are run by people who may not have security expertise.

By using this model for testing applications for security vulnerabilities within existing development, quality assurance and operations processes, organizations can increase security coverage across the enterprise at minimal cost.

Security testing and ethics

Posted in security testing by testing in London on March 15, 2009

From eWeek

How do responsible security researchers work? It’s not exactly the same field as botnet research, but I think you can get a good sense of good principles from the Fundamental Principles of Testing for the AMTSO (Anti-Malware Testing Standards Organization): Never create new malware and protect the public networks from the research at all times.

Alex Eckelberry, CEO of Sunbelt Software, commenting on this in a post to the funsec mailing list, says it well:

…malware researchers routinely deal with botnets for analysis purposes. It would be considered a high crime indeed to allow a spambot to actually send spam to the outside world, even for “testing” purposes. And, shutting down a botnet yourself, even with the best intentions, is simply not a good idea. You don’t know what accidental harm you may cause. You also don’t really know what’s on the user’s system that will simply restart the whole process.


Companies ignore DR testing at their own peril

Posted in security testing,Software testing by testing in London on March 13, 2009

From TechWorld

Jim Spooner said that while most companies had some element of disaster recovery (DR) in play in case of acts such as terrorism, internal mistakes, staff sabotage, power blackouts and geographic issues (such as flooding), a lot of companies are not properly testing their DR plans, especially in times where IT budgets are increasingly being constrained or trimmed.

“Testing DR is often overlooked, but it is a key issue,” said Spooner. “If you have invested £2 million in your Disaster Recovery environment, it makes no sense not to spend £50,000 testing your plan. Labs can be rented for DR testing purposes, and this should take place at the weekends in order to ensure minimal disruption to existing systems.”

New DR testing product

Posted in security testing,Software testing,testing tool by testing in London on March 12, 2009

From Apache

Business continuity exercises have always been complicated and hard to run. There is significant planning involved in testing the availability and recovery of the IT workloads, and it usually requires extensive downtime and effort from IT managers.

Virtualization technology has helped IT managers with this process, but primarily only for local high availability testing at the primary data center. The role of a business continuity planner is to exercise the entire IT infrastructure and verify that the workloads can be recovered and run at a functional level to restore critical business operations.

Live Disaster Recovery Testing without production downtime: Double-Take for Hyper-V allows you to bring up a replicated virtual machine in testing mode to make sure it works without affecting the production environment, and then shut it back down and resume protection of the production workload.

Web application security testing

Posted in security testing,Software testing by testing in London on March 8, 2009

From SC Magazine

The industry is ablaze with web application security mania. While the topic isn’t new, it has been driven to the fore recently through an explosion of highly publicised security compromises and through the increasing demands placed on organisations to assess the posture of their applications in order to comply with standards.

As more and more organisations rely on pen testers to simulate malicious attacks, it has become essential that organisations be poised to assess potential service providers and vendors offering these services. In doing so, organisations can intelligently test their pen testers and thereby get the most bang for their security buck.


25 big reasons for testing software

Posted in security testing,Software testing by testing in London on January 14, 2009

Experts from more than 30 US and international cyber security organisations have released a list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organisations developing software for sale.

The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 – and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

It is intended that software testing tools will use the Top 25 in their evaluations and provide scores for the level of secure coding in software being tested. Already one of the leading software testing vendors has announced that its software will be able to test for and report on the presence of a large fraction of the Top 25 Errors. Application development teams will use such testing software during the development process.
