Thank you to everyone who registered and attended our webinar on "The Internet of Things - Risks Presented by Security!" We knew this would be a very popular topic of discussion based on the poll results from part I of our IoT webinar series, "The Internet of Things and Its Impact on Testing." With more than 55% of attendees from our last webinar citing security as their primary area of concern, we wanted to organize a webinar that addressed current vulnerabilities and new vulnerabilities that you and your teams need to be aware of. We were very pleased with the turnout and truly appreciate that you find these discussions valuable!
We all learned during the last webinar that the Internet of Things is not something that is destined to fade, but is something that is growing exponentially and will continue to do so! Gartner predicts that the number of devices connected to the Internet of Things will exceed 13 billion by the year 2020, so steps must be taken now to ensure that your devices, network, infrastructure, and interface layers are as secure as they can possibly be. We were thrilled to have more than 1000 registrants for yesterday's webinar and want to thank everyone again that took the time out of their days to join us for the live discussion.
As we do with all of our round table discussion style webinars, we ran several polls to help get an idea of the processes everyone in the audience is currently implementing so we can focus our discussions accordingly. The first poll we ran was to gauge how security testing is being done at your organizations, and we were very excited to see that 54% actually had dedicated security teams to tackle these challenges. It's great to see a number so high because it shows that you are aware of the risks and obstacles regarding security and are taking all of the necessary steps to make sure your software is as safeguarded as possible.
We ran a second poll after discussing the 4 main areas where security threats exist for the Internet of Things: devices, infrastructure, network and interface. We wanted to know which area you are most concerned with, and it was interesting to see how the answers were distributed very evenly! Network, infrastructure and interface were all tied at 27%, with devices not far behind at 19%. We were a little surprised to see that devices had the lowest percentage, but it was not surprising at all to see the answers for everything else to be very even! Keep an eye out for part III later this year where we will be covering automation and it's proper utilization when testing for the Internet of Things!
We would like to thank Joe Colantonio from TestTalks and Bob Crews from Checkpoint Technologies. Their participation and expertise were integral in making this webinar as successful and insightful as it was!
Be sure to keep checking back as we have these thought leadership webinars every month! Next month we will be discussing "Getting Test Automation Right!"
Below you can find answers from Bob to the questions asked during the webinar:
- Q: In a company where there is a dedicated security team, what are the opportunities for a QA organization to get involved and contribute to the security risk mitigation to an organization’s application or infrastructure?
- A: Great question. The opportunities for a QA organization to get involved and contribute to the security risk mitigation to an organization’s application or infrastructure are many. The primary opportunities would involve and include the following:
- Have your QA organization become well educated on the terminology involved with security testing, especially application security testing. For example – all should know the difference between “vulnerabilities: and “threats” are. This will assist them in communicating with the dedicated security team and learning what their (the security team’s) challenges are and how they (the QA team) can assist.
- Propose that your QA team develops a set number of regression test cases that would focus on detecting application security issues. Focus on those that can be uncovered via UI testing.
- Have the QA organization document, compile and maintain past application security issues, especially those uncovered in production and reported to the help desk or support team. This will provide invaluable assistance to the dedicated security testing team. Such information can assist in planning a strategy focused on legacy information.
- Propose that QA be involved in developing processes for test planning or, at the very least, be kept in the loop. While some redundancy is good…think “checks and balances”…too much would not be cost efficient.
- Specific to “risk mitigation” develop a process so that QA can assist in identifying the most common and/or highest impact vulnerabilities and have a verification process to ensure the security testing team is checking for these. This will assist in ensuring the riskiest vulnerabilities, from both a likelihood and impact perspective, are being addressed.