One of my professors at the university once said to all of us: Computer scientists are at some point criminals. What he meant was that we, or some of us – computer scientists – at some point like to try things that are not that “legal”. Most of us are “clean”, but some of us are “free time hackers”!
Nowadays hackers are a long way from the 17-year-old guy trying to penetrate some website and so on. They are now adults, with families, cars, pets, holidays and a job. They are professionals earning money for acting as such.
Application Security is not only important and essential for companies and their businesses, technology and employees. Application Security is a macroeconomic aspect for countries. There are a lot of secret services or government agencies working on getting technology or information through advanced hacking of the servers and databases of top companies or governments worldwide. When we hear that some countries could be behind the penetration of the USA electricity network, you can imagine what is going on outside.
Are we testers prepared for that job? I’m not! Last year we had the first tutorial by Manu Cohen about Application Security Testing. It was amazing what you can do in a few minutes using the right tools!!! Even as a computer scientist your eyes get wide open. We saw after the first tutorial that we need to give the attendees attack skills; they should also learn to attack and to think how a hacker thinks. The second tutorial some weeks ago was a two-day introduction to practical hacking. It was an even bigger success. We – as testers – have to be given specific knowledge on security testing to do the job in the right way. As well as this tutorial by Manu Cohen there is an initiative called ISSECO. ISSECO has defined a syllabus for a certification as a professional for secure software engineering. This is more than testing; security already starts with the requirements and design of the application. It is a part of the whole process. This is a step in the right direction!
Security is becoming essential and that’s why we will issue a new magazine on this topic called Security Acts. The first issue is going to be released in October 2009. It appears quarterly too. Please send us your proposals for articles.
The program for the Testing & Finance is ready and I hope to see you there. We have great speakers!
Last but not least I want to draw your attention to our new e-learning portal www.testingexperience.learntesting.com. You can register for ISTQB Certified Tester Foundation Level and very soon for the Advanced Level. Enjoy learning!
José Manuel Díaz Delgado