www.itcsoftware.com
ITC Software
SECURITY TESTING SERVICES
Date (Day Month, Year), Place (City, Country)
PRESENTATION PLAN
• WHAT IS SECURITY TESTING
• WHO NEEDS SECURITY TESTING
• SECURITY TESTING AT ITC Software
• SECURITY TESTING PROCESS
WHAT IS SECURITY TESTING?
Security testing is a process to determine that an information system protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorization, availability and non-repudiation.
REASONS FOR SECURITY TESTING
• Information and access security. Security tests help to find loopholes that can cause the loss of important information or allow an intruder into the systems.
• System stability. Security testing helps to improve the system and ultimately helps it to work for a longer time (or to work without trouble for the estimated time).
• System integrity. If involved at the early stages of the development life cycle, security testing makes it possible to eliminate possible flaws in system design and implementation.
• Economic efficiency. It is much cheaper to prevent a possible problem than to struggle with resolving it and its consequences.
What is solved with security testing
According to the OWASP Top Ten 2010, the MAIN WEB SECURITY PROBLEMS are:
• Injections
• Cross Site Scripting (XSS)
• Broken authentication and session management
• Insecure direct object reference
• Cross Site Request Forgery (CSRF)
• Security misconfigurations
• Failure to restrict URL access
• Unvalidated redirects and forwards
• Insecure cryptographic storage
• Insufficient transport layer protection
Who needs security testing
Security testing is very important for the following TYPES OF APPLICATIONS:
• Web applications
• Applications with sensitive commercial or personal information
• Payment and statistic systems
• Applications sensitive to data distortion
• Social applications
• Applications with expensive licensing
Security testing at ITC Software
• TEAM. At ITC Software we have a dedicated security testing team. Team members are highly experienced professionals in security testing of web-based and desktop applications.
• METHODOLOGY. The ITC Software security testing process is usually based on the OWASP Testing Guide, PCI DSS, ISO 27001 and other common standards and practices.
• TOOLS EMPLOYED. We use IBM Rational AppScan, WebInspect, WebScarab, XSpider, Nessus, Nikto, Firebug, and other small tools for injection checks.
Security testing process
If involved at the early stages of the development life cycle, security testing makes it possible to eliminate possible flaws in system design and implementation.
Contact details
ITC Software
Phone: + 978 287 4855
Email: [email protected]
Web: www.itcsoftware.com