www.itcsoftware.com itc software itc security testing services date (day month, year) place (city,...

www.itcsoftware.com ITC Software ITC SECURITY TESTING SERVICES Date (Day Month, Year) Place (City, Country)

Upload: jesse-hurn

Post on 31-Mar-2015

Security testing services

PRESENTATION PLAN

• WHAT IS SECURITY TESTING

• WHO NEEDS SECURITY TESTING

• SECURITY TESTING AT ITC Software

• SECURITY TESTING PROCESS

WHAT IS SECURITY TESTING?

Security testing is a process to determine that an information system protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorization, availability and non-repudiation.

REASONS FOR SECURITY TESTING

• Information and access security. Security tests help find loopholes that can cause loss of important information or allow an intruder into the systems.

• System stability. Security testing helps to improve the system and ultimately helps it work for a longer time (or work without hassles for the estimated time).

• System integrity. If involved in the early stages of the development life cycle, security testing makes it possible to eliminate possible flaws in system design and implementation.

• Economical efficiency. It is much cheaper to prevent a possible problem than to resolve it and its consequences.

What is solved with security testing

According to the OWASP Top Ten 2010, the MAIN WEB SECURITY PROBLEMS are:

• Injections

• Cross Site Scripting (XSS)

• Broken authentication and session management

• Insecure direct object reference

• Cross Site Request Forgery (CSRF)

• Security misconfigurations

• Failure to restrict URL access

• Unvalidated redirects and forwards

• Insecure cryptographic storage

• Insufficient transport layer protection

Who needs security testing

Security testing is very important for the following TYPES OF APPLICATIONS:

• Web applications

• Applications with sensitive commercial or personal information

• Payment and statistics systems

• Applications sensitive to data distortion

• Social applications

• Applications with expensive licensing

Security testing at ITC Software

• TEAM. At ITC Software we have a dedicated security testing team. Team members are highly experienced professionals in security testing of web-based and desktop applications.

• METHODOLOGY. The ITC Software security testing process is usually based on the OWASP Testing Guide, PCI DSS, ISO 27001 and other common standards and practices.

• TOOLS EMPLOYED. We use IBM Rational AppScan, WebInspect, WebScarab, XSpider, Nessus, Nikto, Firebug, and other small tools for injection checks.

Security testing process

If involved in the early stages of the development life cycle, security testing makes it possible to eliminate possible flaws in system design and implementation.

Contact details

ITC Software

Phone: + 978 287 4855

Email: [email protected]

Web: www.itcsoftware.com