Are our systems secure?
The short answer is “No“. Yes, SOME systems are secure, but most of them are not. My father remembers the time when people did not lock their front doors. Instead they put brooms behind the door and that meant that nobody was at home. Our systems have the same security level – it does not exist, but nobody goes in, because you are not supposed to do that.
It will not stay like this for long. Attackers are on the move and they evolve all the time. For example there are nearly 1 million new malware threats are released every day.*
Software developers and testers must evolve as well. Security testing is a new direction and pressure point for software generally. So how do you become a security tester?
Security Testing Techniques
To be a good security tester, you basically need to be a hacker. The main difference between you and the hacker is written on the paper issued by the company you are working for; it defines that you are allowed on some specific dates at some specific hours to hack the system.
Here is the list of ideal skillset for the penetration testing (which is a form on black box security testing): **
- Mastery of an operating system.
- Good knowledge of networking and network protocols.
- Understanding how can you violate or manipulate a process.
- Basic scripting skills
- Knowledge how to configure firewall to block/allow only what you want
- Know some forensics
- Programming skills
- Have a desire and drive to learn new stuff.
- Basic knowledge of databases and how they work
- Will to interact and share your knowledge
Being a professional security tester opens up a new and thrilling career of testing. Mastering security testing gives you a possibility to contribute making quality software and get better satisfaction from users and product owners.
In the coming decades we need to invest more into security testing. There are loads of personal info on the Internet. That data must be protected. We all can contribute into building quality software and mastering security testing techniques.