Raising the Testing Bar with Cybersecurity

It is a reality that cyberattacks are increasing tremendously. Informally, firms can be divided into two categories: those that have suffered a cyberattack and those that are going to suffer it. Therefore, how can testers like us contribute in this harsh environment? Can we really prevent certain critical scenarios without being cybersecurity experts?

To start, I’ll review and explain some recent media cyberattacks. This introduction will be crucial to understand the main vulnerabilities and risks that our products are going to be exposed throughout the course of their lifetime. It is clear that at this point, as testers, we need to take action. Based on this, automation and tool integration will be required during the Secure Software Development Life Cycle (SSDLC).

I will include tips, examples, tools and a demo to show how such work environments will provide the teams agility, expertise and, ultimately, simplify some certification processes for their products in major standards like ISO 27001.

With all of that information at hand, and using our testing expertise on different new skills and tools, a few mitigations will be developed in order to encourage the usage of static code analysis to find vulnerabilities, find some data sets to force critical use cases, etc. In other words, lead a cybersecurity culture and strategy in our team.