Security Testing Essentials of Cloud-Based Application

An IDC survey states that 87.5% of IT cloud computing businesses are concerned about Security Issues.

Let’s start with some greatest Cloud Security Breach instances!!!

1. Anthem’s Breach and the Ubiquity of Compromised Credentials
2. Amazon Cloud Horror – The demise of Code Spaces
3. Apple iCloud suffered the largest high-profile cloud security breach
4. Target security breach compromised up to 70 million customers’ credit card information during the holiday season
5. Home Depot suffered a similar fate with more than 56 million credit or debit cards and 53 million emails compromised

Cloud Security testing is very much crucial to assess the security level of the system hosted in the cloud. This requires ensuring ongoing defensive security controls and proactive regular assessments to check the apps ability to withstand the data breach threats.

The cloud security testing team should ensure if the cloud deployment is secure and should give actionable remediation information when it is not complying with security standards.

The team should proactively conduct, real-world security tests using the techniques used by hackers seeking to breach the data in cloud-based systems and applications.

The Five Cloud Security Testing Essentials for Consideration

Listed are the five essentials to be considered while adopting security testing strategy for cloud-based applications:

1. Scalability – The testing solution should be rapidly scalable with respect to the application while developing business needs without causing configuration and performance issues.
2. Availability – Availability of security testing teams working around the clock. This calls for strong test management via access to centralized test dashboards with features of effortless collaboration.
3. Speedy – Testing should be fast with short turnaround times and should have the ability to run parallel testing. This is required especially when most of the organizations are adopting agile methodologies.
4. Quality – The most important factor is that the testing should be able to make triaging of false positives and false negatives simple and fast. The reporting should include contextual, actionable guidance, empowering development team to resolve identified issues.
5. Cost – Agile methodologies not only require rapid testing but also require multiple iterations of security testing. These iterations should not incur undue incremental costs.

Cloud Security Testing Approach

1. Proactively verify the security aspects of the cloud-based systems and applications against current security hack techniques
2. Safely identify and validate critical cloud service vulnerabilities
3. Measure the susceptibility to SQL injection, cross-site scripting, and other web application attacks
4. Get actionable security information necessary to apply to the patches and code fixes
5. Verify security posture of systems and networks

Cloud testing activities do hold some challenges; your organization can overcome these hurdles. It’s imperious that the right software testing service provider would be able to ensure cloud security around applications, services, and data.

The 5S rule – Ways to a clutter free testing zone

An overview

In this competitive world of testing, with processes and methodologies being developed every day to achieve quality, how can one be up to date to attain the best results without compromising on anything and with no trade-offs? Quality being the ultimate goal, we should never hesitate to borrow anything from other industries that will make it better. When SCRUM a Rugby formation has made a revolution in Software Testing, why not a workplace organization methodology?

When things are going at a fast pace with bettering technology, there are still moments when we feel there is not enough time for the most important – Quality. Being organized is the only way out. If you are looking for ways to stay organized, here is the solution.

This article uses pointers from the 5S Japanese workplace organization methodology based on five Japanese words: Seiri, Seiton, Seiso, Seiketsu, and Shitsuke. These Japanese words translates to Sort, Straighten, Shine, Standardise and Sustain respectively. The intention of this article is to help one understand how to implement this 5S methodology in Software Testing.

The 5S methodology

The 5S methodology as Wikipedia defines it – “This methodology describes how to organize a work space for efficiency and effectiveness by identifying and storing the items used, maintaining the area and items, and sustaining the new order.” The aim of the 5S methodology is to keep the place clutter free, get rid of waste and have things organized for easy accessibility.

Now the parallel

Let us start drawing the parallel here. When every phase of testing is called out, there is a list of items that will immediately come to a tester’s mind and this forms the basis. This section, introduces the user to a few unconventional types of testing that when incorporated, will prove to be effective.

Sort

“Your mind is like this water, my friend. When it gets agitated, it becomes difficult to see. But if you allow it to settle, the answer becomes clear.” – Master Oogway (Kung Fu Panda).

The first step to getting organized to understand what is causing the clutter. In a workplace organization methodology if Sort means knowing what to keep and what to dispose, in software testing it would convert to knowing what is in scope and what is not. Defining the scope is very important. It will help keep things focused. Scope definition is part of planning. One should consider all aspects of the project’s life cycle from goals to deliverables.

Dependency Testing

In this testing type the team pre-examines the software to ensure impact of the new requirements. This process is very useful to identify what has to be included in scope weighing the impact of the upcoming change.

Straighten

“Our first game is called Well Begun is Half Done.” – Mary Poppins (Mary Poppins)

Know where to begin. Keep all that you need handy. In the 5S methodology, Straighten is to arrange items so they are easy to access. When it comes to testing these items translate to data. Keeping data ready at a hands distance is important to be organized in the testing approach. Once we have identified the scope, make ready the data. Sometimes, thinking of the test bed can open up avenues for recommendations.

Fuzz Data Testing

This technique involves feeding the system with a set of data to find error in coding loops and in the behaviour of the application. Automation skills will help. This testing when conducted effectively will cover several traditional tests for boundary value, equivalence partitioning, etc. and will also test the system for recovery, etc.

Shine

“Did you rub my lamp?” – Genie (Aladdin and his Wonderful Lamp)

Rub till it shines, who knows what you will uncover. Keeping the work area spic and span has always led to higher productivity. In testing, keep the virtual test space clean. Create Test Suites for identified tests and keep it focused for a build or release. This phase begins with the formal test designing – keep shining your tests by breaking them down to modular test cases.

Decision Table Testing

Take this approach to ensure test coverage. This type of testing helps lay out the possible combinations in a table so none is missed. It also reduces planning effort. From this table scenarios can be picked and converted to test cases.

Standardise

“With great power comes great responsibility” – Uncle Ben (Spider Man)

Once you get the handle of things and you feel you are in control, you have the responsibility of making it a standard. Standardise best practices – Create checklists for acceptance – Freeze templates. Simple is the key. Try to keep only what is necessary. If there are Test Management Tools, these do most of the delivery related metrics for you. So don’t worry about maintaining this data.

Yardstick Testing

To standardise, passing rules / conditions have to be formulated. Pick relevant parameters and establish benchmark for acceptance of an application for testing. Remember this is not a Smoke test; it has to be at a higher level. This testing technique needs some research and this will get better with time.

Sustain

“They haven’t complained yet.” – Captain von Trapp (The Sound of Music)

Don’t wait to hear feedback. Keep working by maintaining. Sustain means to maintain and also to keep improving. Apply / document experience gained. Further develop knowledge, skills and ability gained along this methodology and use this as input to improve.

Endowment Testing

Endowment Testing: This is a periodic analysis of the application to further build. The results of this testing can help evaluate the application’s ability to grow. Understand parallel systems in the market and recommend value added features to better the system

Taking it beyond

In some organizations, 5S became 6S – the 6th S being Safety – our parallel being Security. Once we have the basic testing in place, the methodology can be extended to include Security testing.

Wrapping up

Adapting to this methodology in Software Testing can help the testing team get organized and be prepared for upcoming requirements which is the smaller unit of any big project. There is no hard and fast rule here, the process can be tweaked to suite your need. This article tries to highlight a flow that will suite every software testing methodology though.

• A methodology that will suite any type of testing / domain / life cycle – Once the tester gets the basic idea of this system, it can be applied anywhere.
• Sets clear goals to keep only what is necessary – This enables the testers to stay focused.
• Augmentations tips that will help make each phase better – Introducing the tester to many more testing types that will improve quality.

FREE-UP the clutter and FOCUS on the most important.